Bug#702976: epiphany-browser: domainname not checked on https

Christoph Anton Mitterer calestyo at scientia.net
Tue Jul 2 12:35:15 UTC 2013


On Tue, 2013-07-02 at 08:39 +0200, Moritz Muehlenhoff wrote: 
> severity 702976 important
Wow... must really look bad security wise in Debian...

Not only is it not obviously documented that webkit browsers are not
security supported at all
http://www.debian.org/security/
http://www.debian.org/security/faq
(assuming that any users would expect that stuff from main is not
supported, and would therefore even search for such exceptions).

But also you do hide away these bugs,... with higher severity people
would at least have a chance to notice it via apt-listbugs.

Apart from that, the severity simply does not fit as it's defined...

Really outrageous. Guess it becomes time that someone starts an
independent and uncensored security blog about Debian... o.O

Especially since there is an easy "fix" available, disable https in
epiphany.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5165 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20130702/270a2d5c/attachment.bin>


More information about the pkg-gnome-maintainers mailing list