{"id":"MGASA-2020-0314","summary":"Updated glib-networking packages fix security vulnerability","details":"The updated packages fix a security vulnerability:\n\nIn GNOME glib-networking through 2.64.2, the implementation of\nGTlsClientConnection skips hostname verification of the server's\nTLS certificate if the application fails to specify the expected\nserver identity. This is in contrast to its intended documented\nbehavior, to fail the certificate verification. Applications that\nfail to provide the server identity, including Balsa before 2.5.11\nand 2.6.x before 2.6.1, accept a TLS certificate if the certificate\nis valid for any host. (CVE-2020-13645)\n","modified":"2026-04-16T04:42:03.781654927Z","published":"2020-08-16T11:09:34Z","upstream":["CVE-2020-13645"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0314.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26819"},{"type":"ADVISORY","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13645"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4405-1"}],"affected":[{"package":{"name":"glib-networking","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/glib-networking?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.60.2-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0314.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}