
Bug 809719 (CVE-2021-39359)

Summary: gnome-extra/libgda: improper TLS verification (CVE-2021-39359)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: gnome
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 792267

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-23 00:26:37 UTC
CVE-2021-39359 (https://gitlab.gnome.org/GNOME/libgda/-/issues/249):

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
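
An added example, not part of the bug report and not libgda or Gentoo code: a small source audit that flags libsoup 2.x `SoupSessionSync`/`SoupSessionAsync` constructor calls that configure no CA source, which is the pattern the description above reports. It assumes the libsoup 2.x behaviour that these legacy session types do not validate certificates unless one of the `ssl-use-system-ca-file`, `ssl-ca-file` or `tls-database` properties is set; the function names and the sample C source are constructed for illustration.

```python
import re

# libsoup 2.x constructors for the legacy session types. Assumption: sessions
# made this way skip certificate validation unless a CA source is configured.
LEGACY_CTOR = re.compile(r"\bsoup_session_(?:sync|async)_new(?:_with_options)?\s*\(")
# Construction options that give the session a trust store to validate against.
CA_OPTIONS = (
    "SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE", "ssl-use-system-ca-file",
    "SOUP_SESSION_SSL_CA_FILE", "ssl-ca-file",
    "SOUP_SESSION_TLS_DATABASE", "tls-database",
)

def call_text(src, start):
    """Return the full call starting at `start`, up to its balanced ')'."""
    depth = 0
    for i in range(src.index("(", start), len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[start:i + 1]
    return src[start:]  # unbalanced input: report what is there

def find_unverified_sessions(src):
    """Return (line_number, call) for legacy sessions created without a CA option."""
    findings = []
    for m in LEGACY_CTOR.finditer(src):
        call = call_text(src, m.start())
        if not any(opt in call for opt in CA_OPTIONS):
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, " ".join(call.split())))
    return findings

# Constructed sample input, not libgda's actual source.
SAMPLE = '''\
static void open_sessions (void) {
    SoupSession *worker = soup_session_sync_new ();
    SoupSession *front = soup_session_sync_new_with_options (
        SOUP_SESSION_USER_AGENT, "demo",
        NULL);
    SoupSession *checked = soup_session_sync_new_with_options (
        SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
        NULL);
}
'''

if __name__ == "__main__":
    for line, call in find_unverified_sessions(SAMPLE):
        print(f"line {line}: {call}")
```

The check only looks at constructor arguments, so a session that sets the property later with `g_object_set`, or passes `FALSE` for it, needs manual review.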