
CVE-2021-39365

Published: 22 August 2021

In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package: grilo (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Released (0.3.4-1ubuntu0.1)
focal: Released (0.3.12-1ubuntu0.1)
hirsute: Released (0.3.13-1ubuntu0.1)
impish: Released (0.3.13-1.1)
jammy: Released (0.3.13-1.1)
trusty: Does not exist
upstream: Needs triage
xenial: Released (0.2.15-1ubuntu0.1~esm1)

Patches:
upstream: https://gitlab.gnome.org/GNOME/grilo/-/commit/cd2472e506dafb1bb8ae510e34ad4797f63e263e