grilo is vulnerable to man-in-the-middle attack. The grl-net-wc.c
does not enable the TLS certificate verification on the SoupSessionAsync
when it’s creating. allowing an attacker to cause an MITM attack
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
access.redhat.com/errata/RHSA-2021:4339
access.redhat.com/security/updates/classification/#moderate
blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
bugzilla.redhat.com/show_bug.cgi?id=1997161
gitlab.gnome.org/GNOME/grilo/-/issues/146
lists.debian.org/debian-lts-announce/2021/09/msg00010.html
www.debian.org/security/2021/dsa-4964