(CVE-2021-39359) gda-web-provider.c does not perform TLS certificate verification
gda-web-provider.c uses soup_session_sync_new() but does not appear to have any code to enable TLS certificate verification. This looks like the same vulnerability as libgrss#4.
Edited by Michael Catanzaro