Bug#702976: epiphany-browser: domainname not checked on https

[Christoph Anton Mitterer]

severity 702976 critical
stop

Hi Julien.

I've just seen that you lowered the severity of this bug (already months
ago) without giving any further explanation (which I consider quite
rude, to be hones), and apparently without understanding it's
criticality at all...

As it was shown by examples, this bug breaks the whole point of SSL, ...
and it's quite shocking to see that such issues are not understood at
all by the relevant people and simple hide away (to "important"), given
that it makes one wonder, at how many other places in Debian the same
happens.


Next time when you blindly change the severity of security related issue
than please have a closer look.
The fact that this already has a CVE makes your severity-change even
more disturbing.


I'm adding the security team now, which I ask to investigate into
this,...
Unfortunately this totally broken version leaked into wheezy as well.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5165 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20130701/0a0fd60b/attachment-0001.bin>