UbuntuUpdates.org

Package "glib-networking-dbg"

Name: glib-networking-dbg

Description:

network-related giomodules for GLib - debugging symbols

Latest version: 2.48.2-1~ubuntu16.04.2
Release: xenial (16.04)
Level: security
Repository: main
Head package: glib-networking

Links


Download "glib-networking-dbg"


Other versions of "glib-networking-dbg" in Xenial

Repository Area Version
base main 2.48.0-1
updates main 2.48.2-1~ubuntu16.04.2

Changelog

Version: 2.48.2-1~ubuntu16.04.2 2020-06-29 02:06:19 UTC

  glib-networking (2.48.2-1~ubuntu16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Failure to validate TLS certificate hostname in
    certain conditions, contrary to documented behaviour
    - debian/patches/CVE-2020-13645.patch: Fail certificate verification
      when the server identity is missing. Based on upstream patch.
    - debian/patches/update-test-certs-for-gnutls.patch: Update the
      certificates used for unit test. Taken from upstream.
    - debian/patches/allow-insecure-md2-cert-in-test.patch: Allow insecure
      md2 certificate to used for one unit test. Taken from upstream.
    - CVE-2020-13645

 -- Alex Murray <email address hidden> Tue, 23 Jun 2020 16:38:37 +0930

CVE-2020-13645 In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if th



About   -   Send Feedback to @ubuntu_updates