VulnerableCode Package Details - pkg:deb/debian/qpid-proton@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6xkf-evrx-pyau	Exposure of Sensitive Information to an Unauthorized Actor The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.	CVE-2016-2166 GHSA-f5cf-f7px-xpmh
VCID-ub9u-zwzs-qbhn	The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.	CVE-2016-4467

Vulnerability

Summary

Aliases

VCID-6xkf-evrx-pyau

Exposure of Sensitive Information to an Unauthorized Actor The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

CVE-2016-2166
GHSA-f5cf-f7px-xpmh

VCID-ub9u-zwzs-qbhn

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

CVE-2016-4467

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:31:43.445880+00:00	Debian Importer	Fixing	VCID-6xkf-evrx-pyau	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:16:10.554207+00:00	Debian Importer	Fixing	VCID-ub9u-zwzs-qbhn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T18:21:11.821644+00:00	Debian Importer	Fixing	VCID-6xkf-evrx-pyau	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:11:45.182789+00:00	Debian Importer	Fixing	VCID-ub9u-zwzs-qbhn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:51:30.530984+00:00	Debian Importer	Fixing	VCID-ub9u-zwzs-qbhn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:30.488193+00:00	Debian Importer	Fixing	VCID-6xkf-evrx-pyau	https://security-tracker.debian.org/tracker/data/json	38.1.0