2 matches found
MGASA-2021-0343 Updated libgrss packages fix security vulnerability
libgrss does not perform any TLS certificate verification because it uses the deprecated SoupSessionAsync, which requires manually enabling certificate verification, rather than a modern SoupSession that has good defaults CVE-2016-20011...
CVE-2016-20011
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync...