Описание
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libgrss | unfixed | package | ||
| libgrss | ignored | bookworm | package | |
| libgrss | ignored | bullseye | package | |
| libgrss | ignored | buster | package | |
| libgrss | ignored | stretch | package |
Примечания
https://bugzilla.gnome.org/show_bug.cgi?id=772647
https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
Связанные уязвимости
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Уязвимость библиотеки управления потоками RSS/Atom/Pie LibGRSS, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю оказать воздействие на целостность данных