GitLab

Moving this from GNOME Bugzilla. libgrss does not appear to perform any TLS certificate verification because it uses the deprecated SoupSessionAsync, which requires manually enabling certificate verification, rather than a modern SoupSession that has good defaults. This seems to still be broken in 2021, so I'm going to request a CVE.

My Bugzilla report has been public since October 9, 2016, so this is already disclosed.