CVE-2016-20011 - log

CVE-2016-20011 edited at 08 Jun 2021 07:32:51
References
https://bugzilla.gnome.org/show_bug.cgi?id=772647
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7
CVE-2016-20011 edited at 25 May 2021 21:55:34
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Man-in-the-middle
Description
+ libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
References
+ https://bugzilla.gnome.org/show_bug.cgi?id=772647
+ https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
+ https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
Notes
CVE-2016-20011 created at 25 May 2021 21:54:18