Package: osc
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for osc.

CVE-2019-3685[0]:
Fails to adequately verify TLS certificates allowing for a man in the middle 
attack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Sadly, little information is known at the moment:

[0] https://security-tracker.debian.org/tracker/CVE-2019-3685
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3685
    https://bugzilla.redhat.com/show_bug.cgi?id=1737797

To the least, it would help to know which versions are affected.
Please adjust the affected versions in the BTS as needed.

Cheers!
Sylvain Beucler
Debian LTS Team

Reply via email to