CVE-2021-39360

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

References

Affected packages

Debian:11 / libzapojit

Package

Name: libzapojit
Purl: pkg:deb/debian/libzapojit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0.3-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.gnome.org/GNOME/libzapojit

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libzapojit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c56bc2a1ba226833dbd3e06f4c99a7d86cbe916f

Affected versions

0.*

0.0.1

0.0.2

0.0.3