Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 721464 (CVE-2020-12474) - <net-im/telegram-desktop{-bin}-2.1.0: Homograph vulnerability (CVE-2020-12474)
Summary: <net-im/telegram-desktop{-bin}-2.1.0: Homograph vulnerability (CVE-2020-12474)
Alias: CVE-2020-12474
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa cve]
Depends on:
Reported: 2020-05-07 12:36 UTC by GLSAMaker/CVETool Bot
Modified: 2020-07-26 05:25 UTC (History)
1 user (show)

See Also:
Package list:
=net-im/telegram-desktop-2.1.0 amd64 =media-libs/libtgvoip-2.4.4_p20200430 amd64
Runtime testing required: ---
nattka: sanity-check-


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-05-07 12:36:37 UTC
CVE-2020-12474 (
  Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and
  Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in
  a public URL or a group chat invitation URL.
Comment 1 Agostino Sarubbo gentoo-dev 2020-05-14 13:22:25 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 3 NATTkA bot gentoo-dev 2020-06-14 21:10:04 UTC
Unable to check for sanity:

> no match for package: =net-im/telegram-desktop-2.1.0
Comment 4 Sam James archtester gentoo-dev Security 2020-07-26 05:25:14 UTC
GLSA vote: no!