CVE-2012-1177

Name: CVE-2012-1177
Description: libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-2482-1
Debian Bugs: 664032

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libgdata (PTS) | buster | 0.17.9-3 | fixed |
| | bullseye | 0.17.13-3 | fixed |
| | bookworm | 0.18.1-2 | fixed |
| | trixie | 0.18.1-4 | fixed |
| | sid | 0.18.1-7 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libgdata | source | squeeze | 0.6.4-2+squeeze1 | | DSA-2482-1 | |
| libgdata | source | (unstable) | 0.10.2-1 | | | 664032 |

Notes

https://www.openwall.com/lists/oss-security/2012/03/14/3
