CVE-2021-36377 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Certificate verification bypass
Description	Fossil before version 2.15.2 often skips the hostname check during TLS certificate validation.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2146	fossil	2.15.1-1	2.16-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
10 Aug 2021	ASA-202108-8	AVG-2146	fossil	High	certificate verification bypass

References
https://www.fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036 https://www.fossil-scm.org/home/info/aaab2a15d1dfc22f5453c2bad8f25ecf518ed3eef9a7fa6f4c5bd69ab4e4b075

References

https://www.fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
https://www.fossil-scm.org/home/info/aaab2a15d1dfc22f5453c2bad8f25ecf518ed3eef9a7fa6f4c5bd69ab4e4b075