Описание
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| messagelib | fixed | 4:25.08.3-3 | package | |
| messagelib | no-dsa | trixie | package | |
| kf5-messagelib | removed | package | ||
| kf5-messagelib | no-dsa | bookworm | package | |
| kf5-messagelib | postponed | bullseye | package |
Примечания
https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3 (v25.11.90)
Связанные уязвимости
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
Уязвимость библиотеки для обработки сообщений messagelib, связанная с ошибками процедуры подтверждения подлинности сертификата. Эксплуатация уязвимости может позволить нарушителю оказать воздействие на целостность защищаемой информации
