Bug#548567: in epiphany-webkit
Sam Morris
sam at robots.org.uk
Wed Nov 4 11:19:19 UTC 2009
Package: epiphany-webkit
Version: 2.28.1-1
Severity: grave
Tags: security
I just found out that epiphany-webkit does not even validate
certificates any more!
IMHO this is a grave security issue. Users are exposed to
man-in-the-middle attacks and potentially even legal liability
Upstream bug filed at
<https://bugzilla.gnome.org/show_bug.cgi?id=600663>.
Oh, and I just re-read kov's message to this bug. I'm happy to file
separate bugs for each issue. I just didn't because I thought it would
annoy everyone to do it that way. I'll try to do it this weekend when I
have some time. :)
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (530, 'testing'), (520, 'unstable'), (400, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages epiphany-webkit depends on:
ii epiphany-browser 2.28.1-1 Intuitive GNOME web browser
epiphany-webkit recommends no packages.
epiphany-webkit suggests no packages.
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list