Bug#672880: CVE-2012-2132: does not indicate whether or not an SSL certificate is valid
Moritz Muehlenhoff
jmm at inutil.org
Tue Oct 9 21:30:58 UTC 2012
reassign 672880 midori
severity 672880 normal
thanks
On Fri, Sep 07, 2012 at 01:47:54PM +0200, Josselin Mouette wrote:
> Le jeudi 06 septembre 2012 à 18:05 +0200, Moritz Muehlenhoff a écrit :
> > On Mon, May 14, 2012 at 03:29:05PM +0300, Henri Salo wrote:
> > > Package: libsoup2.4-1
> > > Version: 2.30.2-1+squeeze1
> > > Severity: important
> > > Tags: security
> > >
> > > References:
> > > https://bugzilla.novell.com/show_bug.cgi?id=758431
> > > https://bugzilla.redhat.com/show_bug.cgi?id=817692
> > >
> > > This needs verification. Please ask if you need my help.
> >
> > What's the status?
>
> Epiphany in squeeze is not affected. It displays correctly the validity
> status of a certificate, using the root authority in ca-certificates.
>
> From the comments in the upstream report, Midori might be affected
> though.
I agree this is rather a bug in Midori than in libsoup. Reassigning.
I'm lowering the severity since Midori isn't covered by security support
anyway (being webkit-based).
Cheers,
Moritz
More information about the pkg-gnome-maintainers
mailing list