package/glib-networking: security bump to version 2.62.4 (8f3d361f) · Commits · Arm Reference Solutions / buildroot

Commit 8f3d361f authored May 31, 2020 by Fabrice Fontaine Committed by Peter Korsgaard Jun 01, 2020

package/glib-networking: security bump to version 2.62.4



- Fix CVE-2020-13645: In GNOME glib-networking through 2.64.2, the
  implementation of GTlsClientConnection skips hostname verification of
  the server's TLS certificate if the application fails to specify the
  expected server identity. This is in contrast to its intended
  documented behavior, to fail the certificate verification.
  Applications that fail to provide the server identity, including Balsa
  before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the
  certificate is valid for any host.
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: bump to 2.62.4 rather than 2.64.3]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 3a9261dd

Hide whitespace changes

Inline Side-by-side

Please register or to comment