
Bug 721464 (CVE-2020-12474)

Summary: <net-im/telegram-desktop{-bin}-2.1.0: Homograph vulnerability (CVE-2020-12474)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: gyakovlev
Priority: Normal
Flags: nattka: sanity-check-
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474
Whiteboard: B4 [noglsa cve]
Package list:
=net-im/telegram-desktop-2.1.0 amd64 =media-libs/libtgvoip-2.4.4_p20200430 amd64
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-05-07 12:36:37 UTC
CVE-2020-12474 (https://nvd.nist.gov/vuln/detail/CVE-2020-12474):
  Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and
  Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in
  a public URL or a group chat invitation URL.

Comment 1 Agostino Sarubbo gentoo-dev 2020-05-14 13:22:25 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 3 NATTkA bot gentoo-dev 2020-06-14 21:10:04 UTC
Unable to check for sanity:

> no match for package: =net-im/telegram-desktop-2.1.0

Comment 4 Sam James gentoo-dev Security 2020-07-26 05:25:14 UTC
GLSA vote: no!

Closing.