CVE-2021-39360 (https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/): In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f4a91806a55257b5aa42103e6c00ff7ac02e6c2 commit 5f4a91806a55257b5aa42103e6c00ff7ac02e6c2 Author: David Seifert <soap@gentoo.org> AuthorDate: 2023-04-30 10:06:22 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2023-04-30 10:06:22 +0000 net-libs/libzapojit: treeclean Bug: https://bugs.gentoo.org/809716 Signed-off-by: David Seifert <soap@gentoo.org> net-libs/libzapojit/Manifest | 1 - net-libs/libzapojit/libzapojit-0.0.3-r2.ebuild | 38 -------------------------- net-libs/libzapojit/metadata.xml | 11 -------- profiles/package.mask | 1 - 4 files changed, 51 deletions(-)