Updated fossil packages fix security vulnerability
Publication date: 27 Oct 2021Modification date: 14 Feb 2024
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-36377
Description
Client-side TLS so that it verifies that the server hostname matches its certificate (Fixed in fossil 2.14.2). A data exfiltration bug in the server (Fixed in fossil 2.14.1).
References
- https://bugs.mageia.org/show_bug.cgi?id=29266
- https://fossil-scm.org/home/doc/trunk/www/changes.wiki#v2_14
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQ44KVDTB6D2MENE7C2YPVCSV3BXT3B4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36377
SRPMS
8/core
- fossil-2.14.2-1.mga8