[Bugs] [Bug 13298] New: [CVE 21] pidgin 2.14.6 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13298

          Platform: 2021.1
            Bug ID: 13298
           Summary: [CVE 21] pidgin 2.14.6  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2022-26491,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package pidgin version 2.14.6

INFO (CVEs are): pidgin 2.14.6
 cves found
CVE-2022-26491
Desc: An issue was discovered in Pidgin before 2.14.9. A remote attacker who
can spoof DNS responses can redirect a client connection to a malicious server.
The client will perform TLS certificate verification of the malicious domain
name instead of the original XMPP service domain, allowing the attacker to take
over control over the XMPP connection and to obtain user credentials and all
communication content. This is similar to CVE-2022-24968.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-26491
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/c5597d56/attachment.html>