721464 – (CVE-2020-12474) <net-im/telegram-desktop{-bin}-2.1.0: Homograph vulnerability (CVE-2020-12474)

Bug 721464 (CVE-2020-12474) - <net-im/telegram-desktop{-bin}-2.1.0: Homograph vulnerability (CVE-2020-12474)

Summary: <net-im/telegram-desktop{-bin}-2.1.0: Homograph vulnerability (CVE-2020-12474)

Status:	RESOLVED FIXED

Alias:	CVE-2020-12474

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://github.com/VijayT007/Vulnerab...
Whiteboard:	B4 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2020-05-07 12:36 UTC by GLSAMaker/CVETool Bot
Modified:	2020-07-26 05:25 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=net-im/telegram-desktop-2.1.0 amd64 =media-libs/libtgvoip-2.4.4_p20200430 amd64
Runtime testing required:	---

Flags:	nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2020-05-07 12:36:37 UTC

CVE-2020-12474 (https://nvd.nist.gov/vuln/detail/CVE-2020-12474):
  Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and
  Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in
  a public URL or a group chat invitation URL.

Comment 1 Agostino Sarubbo gentoo-dev

2020-05-14 13:22:25 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 2 Georgy Yakovlev archtester

2020-05-25 07:04:39 UTC

cleanup done

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=896e52611d837f4784ef6cfc90d2445c2a5a1f55

Comment 3 NATTkA bot gentoo-dev

2020-06-14 21:10:04 UTC

Unable to check for sanity:

> no match for package: =net-im/telegram-desktop-2.1.0

Comment 4 Sam James archtester

2020-07-26 05:25:14 UTC

GLSA vote: no!

Closing.