CVE-2016-20011
N/A
N/A
Summary
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.gnome.org/show_bug.cgi?id=772647
- https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
- https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch
References
- https://bugzilla.gnome.org/show_bug.cgi?id=772647
- https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
- https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.