CVE-2021-39365 (https://gitlab.gnome.org/GNOME/grilo/-/issues/146): In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Patch: https://gitlab.gnome.org/GNOME/grilo/-/commit/cd2472e506dafb1bb8ae510e34ad4797f63e263e
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05d1238ef466bbb8f266f6ed6cd749b0db1b242a

commit 05d1238ef466bbb8f266f6ed6cd749b0db1b242a
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2021-11-11 13:14:07 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2021-11-11 13:52:04 +0000

    media-libs/grilo: Bump to 0.3.14

    Bug: https://bugs.gentoo.org/809713
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 media-libs/grilo/Manifest            |  1 +
 media-libs/grilo/grilo-0.3.14.ebuild | 77 ++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
Please file a stablereq when ready.