[Buildroot] [git commit] package/glib-networking: security bump to version 2.62.4
Peter Korsgaard
peter at korsgaard.com
Tue Jun 2 09:34:46 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=8f3d361f5ccbb43270f9e69bf6ac472698d3722e
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> - Fix CVE-2020-13645: In GNOME glib-networking through 2.64.2, the
> implementation of GTlsClientConnection skips hostname verification of
> the server's TLS certificate if the application fails to specify the
> expected server identity. This is in contrast to its intended
> documented behavior, to fail the certificate verification.
> Applications that fail to provide the server identity, including Balsa
> before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the
> certificate is valid for any host.
> - Update indentation in hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> [Peter: bump to 2.62.4 rather than 2.64.3]
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
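
An added example, not part of the original message and not glib-networking's code: a simplified C model of the fail-open behaviour the CVE text describes, beside a fail-closed check. The struct, function names and flag values are assumptions made for illustration, and the sample certificate is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed flag values for this model (not GLib's GTlsCertificateFlags). */
enum { CERT_OK = 0, CERT_BAD_IDENTITY = 1 << 0, CERT_UNTRUSTED = 1 << 1 };

struct cert {              /* hypothetical, already-parsed certificate */
    int chain_trusted;     /* 1 if it chains to a trusted CA */
    const char *dns_name;  /* the single DNS name the certificate covers */
};

/* Exact, case-insensitive DNS name match; wildcards are out of scope here. */
static int name_matches(const struct cert *c, const char *host) {
    const char *a = c->dns_name, *b = host;
    if (a == NULL) return 0;
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Fail-open: with no expected identity the hostname check is skipped,
   so a certificate that is valid for any host is accepted. */
int verify_fail_open(const struct cert *c, const char *expected_host) {
    int flags = c->chain_trusted ? CERT_OK : CERT_UNTRUSTED;
    if (expected_host != NULL && !name_matches(c, expected_host))
        flags |= CERT_BAD_IDENTITY;
    return flags;
}

/* Fail-closed: a missing expected identity is itself an identity failure. */
int verify_fail_closed(const struct cert *c, const char *expected_host) {
    int flags = c->chain_trusted ? CERT_OK : CERT_UNTRUSTED;
    if (expected_host == NULL || !name_matches(c, expected_host))
        flags |= CERT_BAD_IDENTITY;
    return flags;
}

int main(void) {
    struct cert c = { 1, "other.example" };  /* constructed sample */
    printf("no identity, fail-open:   %d\n", verify_fail_open(&c, NULL));
    printf("no identity, fail-closed: %d\n", verify_fail_closed(&c, NULL));
    return 0;
}
```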