[SECURITY] [DSA 4964-1] grilo security update

2021-08-2719:01:49

lists.debian.org

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.1%

JSON

Debian Security Advisory DSA-4964-1 [email protected]
https://www.debian.org/security/ Alberto Garcia
August 27, 2021 https://www.debian.org/security/faq

Package : grilo
CVE ID : CVE-2021-39365
Debian Bug : 992971

Michael Catanzaro reported a problem in Grilo, a framework for
discovering and browsing media. TLS certificate verification is not
enabled on the SoupSessionAsync objects created by Grilo, leaving users
vulnerable to network MITM attacks.

For the oldstable distribution (buster), this problem has been fixed
in version 0.3.7-1+deb10u1.

For the stable distribution (bullseye), this problem has been fixed in
version 0.3.13-1+deb11u1.

We recommend that you upgrade your grilo packages.

For the detailed security status of grilo please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/grilo

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9i386libgrilo-0.3-bin< 0.3.2-2+deb9u1libgrilo-0.3-bin_0.3.2-2+deb9u1_i386.deb
Debian11s390xgir1.2-grilo-0.3< 0.3.13-1+deb11u1gir1.2-grilo-0.3_0.3.13-1+deb11u1_s390x.deb
Debian11s390xlibgrilo-0.3-dev< 0.3.13-1+deb11u1libgrilo-0.3-dev_0.3.13-1+deb11u1_s390x.deb
Debian10armellibgrilo-0.3-dev< 0.3.7-1+deb10u1libgrilo-0.3-dev_0.3.7-1+deb10u1_armel.deb
Debian11arm64gir1.2-grilo-0.3< 0.3.13-1+deb11u1gir1.2-grilo-0.3_0.3.13-1+deb11u1_arm64.deb
Debian10amd64gir1.2-grilo-0.3< 0.3.7-1+deb10u1gir1.2-grilo-0.3_0.3.7-1+deb10u1_amd64.deb
Debian9armhfgir1.2-grilo-0.3< 0.3.2-2+deb9u1gir1.2-grilo-0.3_0.3.2-2+deb9u1_armhf.deb
Debian10amd64libgrilo-0.3-0< 0.3.7-1+deb10u1libgrilo-0.3-0_0.3.7-1+deb10u1_amd64.deb
Debian10mipsellibgrilo-0.3-bin-dbgsym< 0.3.7-1+deb10u1libgrilo-0.3-bin-dbgsym_0.3.7-1+deb10u1_mipsel.deb
Debian11armhflibgrilo-0.3-bin< 0.3.13-1+deb11u1libgrilo-0.3-bin_0.3.13-1+deb11u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	i386	libgrilo-0.3-bin	< 0.3.2-2+deb9u1	libgrilo-0.3-bin_0.3.2-2+deb9u1_i386.deb
Debian	11	s390x	gir1.2-grilo-0.3	< 0.3.13-1+deb11u1	gir1.2-grilo-0.3_0.3.13-1+deb11u1_s390x.deb
Debian	11	s390x	libgrilo-0.3-dev	< 0.3.13-1+deb11u1	libgrilo-0.3-dev_0.3.13-1+deb11u1_s390x.deb
Debian	10	armel	libgrilo-0.3-dev	< 0.3.7-1+deb10u1	libgrilo-0.3-dev_0.3.7-1+deb10u1_armel.deb
Debian	11	arm64	gir1.2-grilo-0.3	< 0.3.13-1+deb11u1	gir1.2-grilo-0.3_0.3.13-1+deb11u1_arm64.deb
Debian	10	amd64	gir1.2-grilo-0.3	< 0.3.7-1+deb10u1	gir1.2-grilo-0.3_0.3.7-1+deb10u1_amd64.deb
Debian	9	armhf	gir1.2-grilo-0.3	< 0.3.2-2+deb9u1	gir1.2-grilo-0.3_0.3.2-2+deb9u1_armhf.deb
Debian	10	amd64	libgrilo-0.3-0	< 0.3.7-1+deb10u1	libgrilo-0.3-0_0.3.7-1+deb10u1_amd64.deb
Debian	10	mipsel	libgrilo-0.3-bin-dbgsym	< 0.3.7-1+deb10u1	libgrilo-0.3-bin-dbgsym_0.3.7-1+deb10u1_mipsel.deb
Debian	11	armhf	libgrilo-0.3-bin	< 0.3.13-1+deb11u1	libgrilo-0.3-bin_0.3.13-1+deb11u1_armhf.deb