MGASA-2020-0390

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0390.html

Import Source

https://advisories.mageia.org/MGASA-2020-0390.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0390

Related

CVE-2020-24661

Published

2020-10-21T13:07:53Z

Modified

2020-10-21T12:33:45Z

Summary

Updated geary package fixes a security vulnerability

Details

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. (CVE-2020-24661)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / geary

Package

Name: geary
Purl: pkg:rpm/mageia/geary?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.32.1-1.1.mga7

Ecosystem specific

{
    "section": "core"
}