Bug#783579: epiphany-browser: leaks DNS queries when used with Tor

Christoph Anton Mitterer calestyo at scientia.net
Mon Jun 1 16:49:40 UTC 2015


On Mon, 2015-06-01 at 05:30 +0200, Michael Biebl wrote: 
> Please file this issue upstream and report back with the bug number.
I kindly ask someone else to report this upstream.

My past experience has shown that upstream has no interest in security,
e.g. when I reported the extremely critical bug that each of epiphany's
TLS connections can be immediately hacked by simply redirecting.
That was denied at first and IIRC is still not solved.

I've just noted this further security issue by accident and reported it
for the benefit of other Debian users, e.g. the package description
could warn about the great security deficiencies in epiphany (at least
if the TLS bug is still open) or the product could be removed from
Debian altogether.
That being said, I consider contributing upstream a waste of time since
there seems to be no interest in security, which is why I'd ask someone
else to take these struggles.


> control: severity -1 important
Oh and I don't think that this is appropriate.
It basically means that this bug is hidden away unless people manually
search the BTS (apt-listbugs won't show it with just important).
And since a non-working Tor can mean much more critical things to some
people than anything our severities cover, from torture to death, we
should rather employ the loudest bells and whistles to inform anyone
that epiphany cannot be securely used with Tor.


Cheers,
Chris.