[ubuntu/xenial-security] glib-networking 2.48.2-1~ubuntu16.04.2 (Accepted)
Alex Murray
alex.murray at canonical.com
Mon Jun 29 01:35:52 UTC 2020
glib-networking (2.48.2-1~ubuntu16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: Failure to validate TLS certificate hostname in
certain conditions, contrary to documented behaviour
- debian/patches/CVE-2020-13645.patch: Fail certificate verification
when the server identity is missing. Based on upstream patch.
- debian/patches/update-test-certs-for-gnutls.patch: Update the
certificates used for unit test. Taken from upstream.
- debian/patches/allow-insecure-md2-cert-in-test.patch: Allow insecure
md2 certificate to used for one unit test. Taken from upstream.
- CVE-2020-13645
Date: 2020-06-25 06:47:23.213023+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/glib-networking/2.48.2-1~ubuntu16.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list