MGASA-2021-0491
- Source
- https://advisories.mageia.org/MGASA-2021-0491.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0491.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2021-0491
- Upstream
- Published
- 2021-10-27T12:13:28Z
- Modified
- 2026-04-16T04:42:35.122638067Z
- Summary
- Updated fossil packages fix security vulnerability
- Details
-
Client-side TLS so that it verifies that the server hostname matches its certificate (Fixed in fossil 2.14.2).
A data exfiltration bug in the server (Fixed in fossil 2.14.1).
- References
-
- https://advisories.mageia.org/MGASA-2021-0491.html
- https://bugs.mageia.org/show_bug.cgi?id=29266
- https://fossil-scm.org/home/doc/trunk/www/changes.wiki#v2_14
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQ44KVDTB6D2MENE7C2YPVCSV3BXT3B4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / fossil
Package
- Name
- fossil
- Purl
- pkg:rpm/mageia/fossil?arch=source&distro=mageia-8