{"schema_version":"1.7.2","id":"OESA-2022-1937","modified":"2022-09-23T11:04:19Z","published":"2022-09-23T11:04:19Z","upstream":["CVE-2021-39358"],"summary":"gfbgraph security update","details":"GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME Online Accounts.\r\n\r\nSecurity Fix(es):\r\n\r\nIn GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network man-in-the-middle (MITM) attacks. NOTE: this is similar to CVE-2016-20011. (CVE-2021-39358)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"gfbgraph","purl":"pkg:rpm/openEuler/gfbgraph\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.3-2.oe1"}]}],"ecosystem_specific":{"aarch64":["gfbgraph-debuginfo-0.2.3-2.oe1.aarch64.rpm","gfbgraph-0.2.3-2.oe1.aarch64.rpm","gfbgraph-debugsource-0.2.3-2.oe1.aarch64.rpm","gfbgraph-devel-0.2.3-2.oe1.aarch64.rpm"],"src":["gfbgraph-0.2.3-2.oe1.src.rpm"],"x86_64":["gfbgraph-debuginfo-0.2.3-2.oe1.x86_64.rpm","gfbgraph-0.2.3-2.oe1.x86_64.rpm","gfbgraph-devel-0.2.3-2.oe1.x86_64.rpm","gfbgraph-debugsource-0.2.3-2.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1937"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39358"}],"database_specific":{"severity":"Medium"}}