[ubuntu/xenial-updates] glib-networking 2.48.2-1~ubuntu16.04.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Jun 29 01:58:14 UTC 2020
glib-networking (2.48.2-1~ubuntu16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: Failure to validate TLS certificate hostname in
certain conditions, contrary to documented behaviour
- debian/patches/CVE-2020-13645.patch: Fail certificate verification
when the server identity is missing. Based on upstream patch.
- debian/patches/update-test-certs-for-gnutls.patch: Update the
certificates used for unit test. Taken from upstream.
- debian/patches/allow-insecure-md2-cert-in-test.patch: Allow insecure
md2 certificate to used for one unit test. Taken from upstream.
- CVE-2020-13645
Date: 2020-06-25 06:47:23.213023+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/glib-networking/2.48.2-1~ubuntu16.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list