It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.
Continue reading...
Continue reading...