Bug 721464 (CVE-2020-12474)

Summary:	<net-im/telegram-desktop{-bin}-2.1.0: Homograph vulnerability (CVE-2020-12474)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	gyakovlev
Priority:	Normal	Flags:	nattka: sanity-check-
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474
Whiteboard:	B4 [noglsa cve]
Package list:	=net-im/telegram-desktop-2.1.0 amd64 =media-libs/libtgvoip-2.4.4_p20200430 amd64	Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2020-05-07 12:36:37 UTC

CVE-2020-12474 (https://nvd.nist.gov/vuln/detail/CVE-2020-12474):
  Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and
  Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in
  a public URL or a group chat invitation URL.

Comment 1 Agostino Sarubbo gentoo-dev

2020-05-14 13:22:25 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 2 Georgy Yakovlev archtester

2020-05-25 07:04:39 UTC

cleanup done

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=896e52611d837f4784ef6cfc90d2445c2a5a1f55

Comment 3 NATTkA bot gentoo-dev

2020-06-14 21:10:04 UTC

Unable to check for sanity:

> no match for package: =net-im/telegram-desktop-2.1.0

Comment 4 Sam James archtester

2020-07-26 05:25:14 UTC

GLSA vote: no!

Closing.