DEBIAN-CVE-2016-20011

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2016-20011

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2016-20011.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2016-20011

Upstream

CVE-2016-20011

Published

2021-05-25T21:15:07Z

Modified

2025-09-18T05:19:18Z

Summary

[none]

Details

libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.

References

https://security-tracker.debian.org/tracker/CVE-2016-20011

Affected packages

Debian:11 / libgrss

Package

Name: libgrss
Purl: pkg:deb/debian/libgrss?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libgrss

Package

Name: libgrss
Purl: pkg:deb/debian/libgrss?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}