CVE-2016-20011

Severity Medium
Remote Yes
Type Man-in-the-middle
Description
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1993 | libgrss | 0.7.0+16+g971c421-3 | | Medium | Vulnerable | |
References
https://bugzilla.gnome.org/show_bug.cgi?id=772647
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7