Your message dated Sat, 23 May 2015 23:49:11 +0000
with message-id <[email protected]>
and subject line Bug#783601: fixed in libinfinity 0.6.6-1
has caused the Debian Bug report #783601,
regarding gobby silently accepts expired certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
783601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783601
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gobby
Version: 0.5.0-4
Severity: serious
X-Debbugs-Cc: [email protected]
Dear Maintainer,
At the moment the certificate of gobby.debian.net is expired (reported
separately as Bug#783599) but Jessie's gobby happily establishes a full
connection to it without any warning. This is a regression since Wheezy,
since it's not the case in gobby-0.5 (version 0.4.94-5), which shows a
warning stating that the certificate has expired with the option to
accept it any way.
It's strange (and perhaps relevant), but if one configures an empty file
as the "Trusted CAs" file in Jessie's gobby's security options, *then*
it lists the connection with a "certificate expired" error next to it in
the Document Browser pane. However, no prompt is shown, so it's not
possible to manually accept the expired certificate.
Cheers!
-- System Information:
Debian Release: 8.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gobby depends on:
ii dpkg 1.17.25
ii libatk1.0-0 2.14.0-1
ii libatkmm-1.6-1 2.22.7-2.1
ii libc6 2.19-18
ii libcairo-gobject2 1.14.0-2.1
ii libcairo2 1.14.0-2.1
ii libcairomm-1.0-1 1.10.0-1.1
ii libgcc1 1:4.9.2-10
ii libgdk-pixbuf2.0-0 2.31.1-2+b1
ii libglib2.0-0 2.42.1-1
ii libglibmm-2.4-1c2a 2.42.0-1
ii libgnutls-deb0-28 3.3.8-6
ii libgsasl7 1.8.0-6
ii libgtk-3-0 3.14.5-1
ii libgtkmm-3.0-1 3.14.0-1
ii libgtksourceview-3.0-1 3.14.1-1
ii libinfgtk3-0.6-0 0.6.5-1
ii libinfinity-0.6-0 0.6.5-1
ii libpango-1.0-0 1.36.8-3
ii libpangocairo-1.0-0 1.36.8-3
ii libpangomm-1.4-1 2.34.0-1.1
ii libsigc++-2.0-0c2a 2.4.0-1
ii libstdc++6 4.9.2-10
ii libunique-3.0-0 3.0.2-2
ii libxml++2.6-2 2.36.0-2.1
ii libxml2 2.9.1+dfsg1-5
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: libinfinity
Source-Version: 0.6.6-1
We believe that the bug you reported is fixed in the latest version of
libinfinity, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Philipp Kern <[email protected]> (supplier of updated libinfinity package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 24 May 2015 01:29:07 +0200
Source: libinfinity
Binary: libinfinity-0.6-dev libinfinity-0.6-doc libinfinity-0.6-dbg
libinfinity-0.6-0 libinfgtk3-0.6-0 infinoted
Architecture: source amd64 all
Version: 0.6.6-1
Distribution: unstable
Urgency: medium
Maintainer: Philipp Kern <[email protected]>
Changed-By: Philipp Kern <[email protected]>
Description:
infinoted - dedicated server for infinote-based collaborative editing
libinfgtk3-0.6-0 - infinote-based collaborative editing (Gtk widgets)
libinfinity-0.6-0 - infinote-based collaborative editing
libinfinity-0.6-dbg - infinote-based collaborative editing - debugging symbols
libinfinity-0.6-dev - infinote-based collaborative editing - development files
libinfinity-0.6-doc - infinote-based collaborative editing - documentation
Closes: 783601
Changes:
libinfinity (0.6.6-1) unstable; urgency=medium
.
* New upstream release
- Check certificates for expiration and weak algorithms even if
the CA is trusted. (Closes: #783601)
Checksums-Sha1:
1323e5c823eed007b6e6e1a3e602cb2f98813196 1895 libinfinity_0.6.6-1.dsc
8ead3b1cc307f7614f5bd01c63b6b83d18f9d18c 1987142 libinfinity_0.6.6.orig.tar.gz
d7f81bd9443c9fd1564d9708c06b928ef681f3f5 12496
libinfinity_0.6.6-1.debian.tar.xz
d8ae52d30f6b9c6997fab32a297b9303da684075 184546 infinoted_0.6.6-1_amd64.deb
b8700774624c9e55383ebea52e6f4b8b8f5e3038 217832
libinfgtk3-0.6-0_0.6.6-1_amd64.deb
9396510c9bdaccc4e395b332ae1766de77196d8b 411998
libinfinity-0.6-0_0.6.6-1_amd64.deb
dca095aa49f98477fcf1a0b2bfdc6137a9798092 1623232
libinfinity-0.6-dbg_0.6.6-1_amd64.deb
bca7ade192e136610807a04c3d9339fea6ccf31e 610356
libinfinity-0.6-dev_0.6.6-1_amd64.deb
2ac9ca58ec9e8ef5a034f500b90c4d55f757e4c4 372446
libinfinity-0.6-doc_0.6.6-1_all.deb
Checksums-Sha256:
d80c07868c35096effd0bbff8cca4da78597fed543a5ce79300587b70935a590 1895
libinfinity_0.6.6-1.dsc
3df9397b52d61392cbe98084aada9b7362a34811ef21baa0db87fdfd754f92cc 1987142
libinfinity_0.6.6.orig.tar.gz
f5465b58db12e793e63247f8cd675db9e91693ea2a24125e9f6b21122d90f6d5 12496
libinfinity_0.6.6-1.debian.tar.xz
c91d8a01672f81e501b3577ea6258d494834dc3baa3d373c350303855c6317f9 184546
infinoted_0.6.6-1_amd64.deb
1b314aba7c527629e98305865c331a3181c7b9ff1af4030cb01c5150605d44a6 217832
libinfgtk3-0.6-0_0.6.6-1_amd64.deb
6f18d0d2366a009187b72a69796e54201ea4f2b35cdd094834475877b6acb12c 411998
libinfinity-0.6-0_0.6.6-1_amd64.deb
7afc5af697c29d0f198660fc89620b6c4a006d520920421b55b2083d35c4cd7a 1623232
libinfinity-0.6-dbg_0.6.6-1_amd64.deb
2d985a9b37d3f297345ae5cd0392d226fd80e84833162dad9c0b6b32d5ec4e87 610356
libinfinity-0.6-dev_0.6.6-1_amd64.deb
e30beb614892c42cf788831bc32c530bc7fb6a66e8e30058eefd9f2988928d0d 372446
libinfinity-0.6-doc_0.6.6-1_all.deb
Files:
0d42ab8324b6b3b537caba4ad7075f21 1895 libs optional libinfinity_0.6.6-1.dsc
c65f9f13f17afb4db2ec8cfaf5f01ce5 1987142 libs optional
libinfinity_0.6.6.orig.tar.gz
061e93350a1342c9fbe24d9449a1009a 12496 libs optional
libinfinity_0.6.6-1.debian.tar.xz
5445e47a0348598813e413beb5a6d9f3 184546 net optional
infinoted_0.6.6-1_amd64.deb
ba5f6a98f9f28c0ea563f8bdeffc19c9 217832 libs optional
libinfgtk3-0.6-0_0.6.6-1_amd64.deb
dfbb9e3ae95b7fab9e79bdc4fe4ac93d 411998 libs optional
libinfinity-0.6-0_0.6.6-1_amd64.deb
be64f34f0d5ccf97334a3039d6929a6b 1623232 debug extra
libinfinity-0.6-dbg_0.6.6-1_amd64.deb
8c6f4a37884a5168e05bec201aab9549 610356 libdevel optional
libinfinity-0.6-dev_0.6.6-1_amd64.deb
db38b909539784f390269138e894bdfc 372446 doc optional
libinfinity-0.6-doc_0.6.6-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJVYQ+oAAoJEERuJUU10Fbsd/sH/RmCXM1K+2Rc31JvOJOxwz6R
Ow6tEAWD4/uV6ehpXtJB8ZvT+aQUS2br1lIbzdHNO6fgPt56WoaH95DVuVhe+AXX
vHy5D8T4V/3iFrRL9d/UzT46FnQJPX2M62kQ0lynQhi2dOJptcneS6KZzWxRAHXK
2MpjOvI/L9pp36IFlpsmqFX7j/LM/uW1XyYz+y9Nxi4kk/x0IeEAsC5caDhn5WUE
+YzTMmTGA2CS1camoqW8mfhmfTm5Oc7eK1+QEwAE3UaV2MH3lgItePA9/coJUVWy
lDAZSM5qFI5ohPIybAPYq7yOXt3bkGfCqqPxs1VvkHpQmDMJ0EuVvRHsQ6d0cNg=
=raMU
-----END PGP SIGNATURE-----
--- End Message ---
