-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3170
                           grilo security update
                             22 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           grilo
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-39365  

Reference:         ESB-2021.3062
                   ESB-2021.2915

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/09/msg00010.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2762-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 22, 2021                            https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : grilo
Version        : 0.3.2-2+deb9u1
CVE ID         : CVE-2021-39365


An issue has been found in grilo, a framework for discovering and browsing 
media. Due to missing TLS certificate verification, users are vulnerable 
to network MITM attacks.


For Debian 9 stretch, this problem has been fixed in version
0.3.2-2+deb9u1.

We recommend that you upgrade your grilo packages.

For the detailed security status of grilo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/grilo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
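
The advisory above names 0.3.2-2+deb9u1 as the fixed version for Debian 9 stretch. The script below is an added example, not part of the Debian advisory or the AusCERT bulletin: it lists every installed binary package built from the grilo source package whose version is still below that fix. It assumes the standard dpkg tools are present; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit a Debian host for grilo packages older than the
# fixed version given in DLA-2762-1 (CVE-2021-39365).
FIXED="0.3.2-2+deb9u1"   # fixed version for Debian 9 stretch, from the advisory

# Emit one line per package known to dpkg:
#   <status-abbrev> <binary-package> <source-package> <version>
installed_packages() {
    dpkg-query -W \
        -f='${db:Status-Abbrev} ${binary:Package} ${source:Package} ${Version}\n'
}

# Read lines in the format above on stdin and print every fully installed
# ("ii") binary package built from source "grilo" that is below $FIXED.
# Returns 0 when none is found, 1 when at least one package needs upgrading.
grilo_vulnerable() {
    rc=0
    while read -r st pkg src ver; do
        [ "$st" = "ii" ] || continue        # skip removed/half-installed entries
        [ "$src" = "grilo" ] || continue    # only packages built from grilo
        # dpkg applies Debian ordering, so "0.3.2-2" sorts below "0.3.2-2+deb9u1"
        if dpkg --compare-versions "$ver" lt "$FIXED"; then
            printf '%s %s (needs >= %s)\n' "$pkg" "$ver" "$FIXED"
            rc=1
        fi
    done
    return $rc
}

# Audit the local host.
if installed_packages | grilo_vulnerable; then
    echo "grilo: no installed package below $FIXED"
fi
```

Applications that loaded the library before the upgrade keep the old code mapped until they are restarted.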

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----