Bug#672880: CVE-2012-2132: does not indicate whether or not an SSL certificate is valid

Moritz Muehlenhoff jmm at inutil.org
Tue Oct 9 21:30:58 UTC 2012


reassign 672880 midori
severity 672880 normal
thanks

On Fri, Sep 07, 2012 at 01:47:54PM +0200, Josselin Mouette wrote:
> Le jeudi 06 septembre 2012 à 18:05 +0200, Moritz Muehlenhoff a écrit : 
> > On Mon, May 14, 2012 at 03:29:05PM +0300, Henri Salo wrote:
> > > Package: libsoup2.4-1
> > > Version: 2.30.2-1+squeeze1
> > > Severity: important
> > > Tags: security
> > > 
> > > References:
> > > https://bugzilla.novell.com/show_bug.cgi?id=758431
> > > https://bugzilla.redhat.com/show_bug.cgi?id=817692
> > > 
> > > This needs verification. Please ask if you need my help.
> > 
> > What's the status?
> 
> Epiphany in squeeze is not affected.  It displays correctly the validity
> status of a certificate, using the root authority in ca-certificates.
> 
> From the comments in the upstream report, Midori might be affected
> though.

I agree this is rather a bug in Midori than in libsoup. Reassigning.

I'm lowering the severity since Midori isn't covered by security support
anyway (being webkit-based).

Cheers,
        Moritz



More information about the pkg-gnome-maintainers mailing list