libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
References
Link Resource
https://bugzilla.gnome.org/show_bug.cgi?id=772647 Issue Tracking Vendor Advisory
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 Issue Tracking Vendor Advisory
https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7.patch Mailing List Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-25T20:09:43

Updated: 2021-06-08T13:13:53

Reserved: 2021-05-25T00:00:00


Link: CVE-2016-20011

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-05-25T21:15:07.290

Modified: 2021-06-09T15:03:47.777


Link: CVE-2016-20011

JSON object: View

cve-icon Redhat Information

No data.

CWE