Accepting request 838610 from home:AndreasStieger:branches:X11:XOrg

add CVE-2020-26117 to changelog OBS-URL: https://build.opensuse.org/request/show/838610 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=191
2020-09-30 01:43:13 +00:00 · 2020-09-30 01:43:13 +00:00 · 4411d59393
commit 4411d59393
parent 849f8f0e68
1 changed files with 5 additions and 2 deletions
--- a/tigervnc.changes
+++ b/tigervnc.changes
@ -1,9 +1,12 @@
 -------------------------------------------------------------------
 Fri Sep 25 10:38:58 UTC 2020 - Stefan Dirsch <sndirsch@suse.com>

- U_0001-Properly-store-certificate-exceptions.patch,
+- CVE-2020-26117: Server certificates were stored as certiticate
+  authoritied, allowing malicious owners of these certificates
+  to impersonate any server after a client had added an exception
+  (boo#1176733)
+  U_0001-Properly-store-certificate-exceptions.patch,
  U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
-  * Properly store certificate exceptions (boo#1176733)
 - adjusted u_tigervnc-add-autoaccept-parameter.patch

 -------------------------------------------------------------------