Source: evolution-rss
Version: 0.3.96-4
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.3.96-2
Control: found -1 0.3.95-9

Hi,

The following vulnerability was published for evolution-rss.

CVE-2021-39361[0]:
| In GNOME evolution-rss through 0.3.96, network-soup.c does not enable
| TLS certificate verification on the SoupSessionSync objects it
| creates, leaving users vulnerable to network MITM attacks. NOTE: this
| is similar to CVE-2016-20011.

TTBOMK, no fix exists yet at time of writing, bug filed to track the
upstream issue downstream so far.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-39361
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39361
[1] https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
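
An added example, not part of the original report and not evolution-rss code: a small source audit that flags libsoup 2.x SoupSessionSync/SoupSessionAsync constructor calls that configure no trust store, the pattern the CVE text describes. The C snippet in `SAMPLE` is constructed for illustration, and the names `audit` and `call_args` are hypothetical.

```python
import re

# Constructors of the deprecated libsoup 2.x session subclasses; unlike plain
# soup_session_new(), these do not validate TLS certificates by default.
CTOR = re.compile(r"\bsoup_session_(?:sync|async)_new(?:_with_options)?\s*\(")
# Properties that give the session a trust store to validate against.
TRUST = re.compile(
    r"SOUP_SESSION_(?:SSL_USE_SYSTEM_CA_FILE|SSL_CA_FILE|TLS_DATABASE)\b"
    r'|"(?:ssl-use-system-ca-file|ssl-ca-file|tls-database)"')
DISABLED = re.compile(
    r'(?:SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE|"ssl-use-system-ca-file")\s*,\s*(?:FALSE|0)\b')

def call_args(src, start):
    """Return the argument text of the call whose '(' is at index start."""
    depth = 0
    for i in range(start, len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[start + 1:i]
    return src[start + 1:]  # unbalanced parentheses: take the rest

def audit(src):
    """Return (line_number, reason) for each session created without verification."""
    findings = []
    for m in CTOR.finditer(src):
        args = call_args(src, m.end() - 1)
        line = src.count("\n", 0, m.start()) + 1
        if not TRUST.search(args):
            findings.append((line, "no trust store property set"))
        elif DISABLED.search(args):
            findings.append((line, "system CA file explicitly disabled"))
    return findings

# Constructed sample, not taken from network-soup.c.
SAMPLE = """\
static void fetch(void) {
    SoupSession *a = soup_session_sync_new();
    SoupSession *b = soup_session_sync_new_with_options(
        SOUP_SESSION_TIMEOUT, 30, NULL);
    SoupSession *c = soup_session_sync_new_with_options(
        SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE, NULL);
}
"""

if __name__ == "__main__":
    for line, reason in audit(SAMPLE):
        print(f"line {line}: {reason}")
```

The check only inspects constructor arguments, so a session whose trust properties are set afterwards with `g_object_set()` is still reported and needs manual review.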