Bug 792264 (CVE-2016-20011)

Summary:	net-libs/libgrss: Does not perform TLS certificate validation (CVE-2016-20011)
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	minor	CC:	gnome
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
Whiteboard:	B3 [upstream]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	792267

Description Sam James archtester

2021-05-26 16:43:31 UTC

Description:
"libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync."

https://bugzilla.gnome.org/show_bug.cgi?id=772647
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4

Comment 1 NATTkA bot gentoo-dev

2021-07-29 17:22:16 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:30:30 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:38:27 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:46:35 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 18:02:33 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 18:10:50 UTC

Package list is empty or all packages have requested keywords.