Mageia 2021-0491: fossil security update
Summary
Client-side TLS so that it verifies that the server hostname matches its
certificate (Fixed in fossil 2.14.2).
A data exfiltration bug in the server (Fixed in fossil 2.14.1).
References
- https://bugs.mageia.org/show_bug.cgi?id=29266
- https://fossil-scm.org/home/doc/trunk/www/changes.wiki#v2_14
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQ44KVDTB6D2MENE7C2YPVCSV3BXT3B4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name
Resolution
MGASA-2021-0491 - Updated fossil packages fix security vulnerability
SRPMS
- 8/core/fossil-2.14.2-1.mga8