HCE3-SA-2025-0037
An update for gfbgraph is now available for HCE 3.0
Moderate
HCE 3.0
Security Fix(es):
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. (CVE-2021-39358)
HCE 3.0
gfbgraph-0.2.5-1.hce3.x86_64.rpm
gfbgraph-devel-0.2.5-1.hce3.x86_64.rpm
gfbgraph-0.2.5-1.hce3.aarch64.rpm
gfbgraph-devel-0.2.5-1.hce3.aarch64.rpm