CVE-2016-20011

CVE-2016-20011

Name

CVE-2016-20011

Description

libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.gnome.org/show_bug.cgi?id=772647
MISC	https://gitlab.gnome.org/GNOME/libgrss/-/issues/4

Type

URI

MISC

https://bugzilla.gnome.org/show_bug.cgi?id=772647

MISC

https://gitlab.gnome.org/GNOME/libgrss/-/issues/4

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnome:libgrss::::::::`	libgrss	>= None	<= 0.7.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnome:libgrss:*:*:*:*:*:*:*:*

libgrss

>= None

<= 0.7.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libgrss	3.13-community	0.7.0-r1	Rasmus Thomsen <oss@cogitri.dev>	fixed
libgrss	3.14-community	0.7.0-r1	Rasmus Thomsen <oss@cogitri.dev>	fixed
libgrss	3.15-community	0.7.0-r1	Rasmus Thomsen <oss@cogitri.dev>	fixed
libgrss	3.16-community	0.7.0-r1	Rasmus Thomsen <oss@cogitri.dev>	fixed

Source package

Branch

Version

Maintainer

Status

libgrss

3.13-community

0.7.0-r1

Rasmus Thomsen <oss@cogitri.dev>

fixed

libgrss

3.14-community