Bug#961756: glib-networking: CVE-2020-13645: GTlsClientConnection silently ignores unset server identity

On Thu, 28 May 2020 at 22:41:19 +0200, Salvatore Bonaccorso wrote: > CVE-2020-13645[0]: > | In GNOME glib-networking through 2.64.2, the implementation of > | GTlsClientConnection skips hostname verification of the server's TLS > | certificate if the application fails to specify the expected

Bug#961756: glib-networking: CVE-2020-13645: GTlsClientConnection silently ignores unset server identity

Hi, On Fri, May 29, 2020 at 11:29:24AM +0100, Simon McVittie wrote: > On Thu, 28 May 2020 at 22:41:19 +0200, Salvatore Bonaccorso wrote: > > The following vulnerability was published for glib-networking. > > > > CVE-2020-13645[0]: > > | In GNOME glib-networking through 2.64.2, the implementation

Bug#961756: glib-networking: CVE-2020-13645: GTlsClientConnection silently ignores unset server identity

On Thu, 28 May 2020 at 22:41:19 +0200, Salvatore Bonaccorso wrote: > The following vulnerability was published for glib-networking. > > CVE-2020-13645[0]: > | In GNOME glib-networking through 2.64.2, the implementation of > | GTlsClientConnection skips hostname verification of the server's TLS >

Bug#961756: glib-networking: CVE-2020-13645: GTlsClientConnection silently ignores unset server identity

Source: glib-networking Version: 2.64.2-1 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135 Hi, The following vulnerability was published for glib-networking. CVE-2020-13645[0]: | In GNOME glib-networking through 2.64.2, the