Source: glib-networking
Version: 2.80.1-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for glib-networking.

CVE-2026-10028[0]:
| A flaw was found in glib-networking. A remote attacker can exploit
| this vulnerability by presenting a specially crafted certificate
| chain to an application that uses glib-networking with the GnuTLS
| backend enabled and performs certificate verification. This crafted
| chain, which contains circular issuer relationships, can cause an
| infinite loop during certificate verification. The unbounded
| traversal consumes excessive CPU resources, leading to a denial of
| service for the affected process or worker.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-10028
    https://www.cve.org/CVERecord?id=CVE-2026-10028
[1] https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
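
The failure mode described in the CVE text (issuer traversal that never ends on a circular chain) and one general way to bound it, as an added example that is not part of this report and is not glib-networking or GnuTLS code. It assumes a simplified model in which a certificate is only a subject/issuer name pair; `toy_cert`, `walk_chain`, the `CHAIN_*` codes, `MAX_CHAIN_DEPTH` and the sample pools are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define MAX_CHAIN_DEPTH 8 /* assumed cap for this sketch, not a value from the report */
enum { CHAIN_NO_ISSUER = -1, CHAIN_CYCLE = -2, CHAIN_TOO_DEEP = -3 };

/* Simplified stand-in for a certificate: only the two names matter here. */
typedef struct { const char *subject, *issuer; } toy_cert;

/* Constructed sample pools (not real certificates). */
static const toy_cert good_pool[] = {
    { "leaf", "intermediate" }, { "intermediate", "root" }, { "root", "root" } };
static const toy_cert circular_pool[] = {
    { "leaf", "ca-a" }, { "ca-a", "ca-b" }, { "ca-b", "ca-a" } };

/* Index of the pool entry whose subject equals name, or -1 if absent. */
static int find_by_subject(const toy_cert *pool, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(pool[i].subject, name) == 0)
            return (int)i;
    return -1;
}

/* Follow issuer links from pool[start] until a self-issued entry.
 * Returns the chain length, or a negative CHAIN_* code. The seen[] list
 * and the depth cap guarantee termination whatever the peer sends. */
int walk_chain(const toy_cert *pool, size_t n, size_t start)
{
    int seen[MAX_CHAIN_DEPTH], depth = 0, cur = (int)start;
    if (start >= n)
        return CHAIN_NO_ISSUER;
    for (;;) {
        for (int i = 0; i < depth; i++)
            if (seen[i] == cur)
                return CHAIN_CYCLE;      /* issuer loop: stop and reject */
        if (depth == MAX_CHAIN_DEPTH)
            return CHAIN_TOO_DEEP;
        seen[depth++] = cur;
        if (strcmp(pool[cur].subject, pool[cur].issuer) == 0)
            return depth;                /* reached a self-issued entry */
        cur = find_by_subject(pool, n, pool[cur].issuer);
        if (cur < 0)
            return CHAIN_NO_ISSUER;
    }
}

int main(void) { return (walk_chain(good_pool, 3, 0) == 3 && walk_chain(circular_pool, 3, 0) == CHAIN_CYCLE) ? 0 : 1; }
```

Without the `seen[]` check and the depth cap, the `for (;;)` loop would spin forever on `circular_pool`, which is the CPU exhaustion the advisory describes.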

