Description: "In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource." Patch: https://github.com/mltframework/shotcut/commit/f008adc039642307f6ee3378d378cdb842e52c1d
Please bump to 20.09.13.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97213464378a284b250c6e0c1b1b956d1e79b4fd commit 97213464378a284b250c6e0c1b1b956d1e79b4fd Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-10-23 16:12:55 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-10-23 16:12:55 +0000 profiles: Mask media-libs/webvfx, media-video/shotcut for removal Bug: https://bugs.gentoo.org/688850 Bug: https://bugs.gentoo.org/744199 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> profiles/package.mask | 6 ++++++ 1 file changed, 6 insertions(+)
Vulnerable version was dropped in commit fec56e0dfda7b516cc06a5e395ce72f77a125697.
(In reply to Andreas Sturmlechner from comment #3) > Vulnerable version was dropped in commit > fec56e0dfda7b516cc06a5e395ce72f77a125697. Thanks! Closing.