Your message dated Fri, 09 Jul 2010 15:32:09 +0000
with message-id <[email protected]>
and subject line Bug#510417: fixed in links2 2.3~pre1-1
has caused the Debian Bug report #510417,
regarding links2: silently accepts bad SSL certificates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
510417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510417
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: links2
Version: 2.2-1
Severity: grave
Tags: security
Justification: user security hole


Links2 does not validate certificates it receives; as a result, there is
no warning that one is visiting a page with an expired certificate, a
certificate not signed by a trusted authority, or a certificate for the
wrong hostname.  As a result, an attacker capable of intercepting one's
packets can launch a man-in-the-middle attack to obtain account numbers,
passwords, etc.

At the very least, the documentation should prominently warn that
links2's HTTPS support is not to be relied upon for sensitive
information.

This is the same issue reported in bug 510348 for the (unrelated) browser
'dillo'.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-openvz-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages links2 depends on:
ii  libc6                  2.7-16            GNU C Library: Shared libraries
ii  libdirectfb-1.0-0      1.0.1-11          direct frame buffer graphics - sha
ii  libgpm2                1.20.4-3.1        General Purpose Mouse - shared lib
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libpng12-0             1.2.27-2          PNG library - runtime
ii  libssl0.9.8            0.9.8g-14         SSL shared libraries
ii  libsvga1               1:1.4.3-27        console SVGA display libraries
ii  libtiff4               3.8.2-11          Tag Image File Format (TIFF) libra
ii  libx11-6               2:1.1.5-2         X11 client-side library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

links2 recommends no packages.

links2 suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: links2
Source-Version: 2.3~pre1-1

We believe that the bug you reported is fixed in the latest version of
links2, which is due to be installed in the Debian FTP archive:

links2_2.3~pre1-1.debian.tar.gz
  to main/l/links2/links2_2.3~pre1-1.debian.tar.gz
links2_2.3~pre1-1.dsc
  to main/l/links2/links2_2.3~pre1-1.dsc
links2_2.3~pre1-1_i386.deb
  to main/l/links2/links2_2.3~pre1-1_i386.deb
links2_2.3~pre1.orig.tar.gz
  to main/l/links2/links2_2.3~pre1.orig.tar.gz
links_2.3~pre1-1_i386.deb
  to main/l/links2/links_2.3~pre1-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert <[email protected]> (supplier of updated links2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 09 Jul 2010 17:08:56 +0200
Source: links2
Binary: links2 links
Architecture: source i386
Version: 2.3~pre1-1
Distribution: unstable
Urgency: low
Maintainer: Gürkan Sengün <[email protected]>
Changed-By: Axel Beckert <[email protected]>
Description: 
 links      - Web browser running in text mode
 links2     - Web browser running in both graphics and text mode
Closes: 510417 544289 556118
Changes: 
 links2 (2.3~pre1-1) unstable; urgency=low
 .
   [Gürkan Sengün]
   * New upstream version.
     + Supports UTF-8 (Closes: #544289)
   * debian/rules: drop dh_desktop call.
   * Bump debhelper version to 7.
   * Added debian/watch file.
 .
   [Axel Beckert]
   * Added myself to Uploaders
   * Bumped Standards-Version to 3.9.0 (no changes)
   * Move to Source Format "3.0 (quilt)"
   * Apply patch by Mats Erik Andersson <[email protected]> to
     abort if an SSL certificate doesn't validate and update it to fit to
     2.3pre1 sources. (Closes: #510417)
   * Added appropriate prerm and postinst scripts for links, too
     (Closes: #556118, LP: #443391)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkw3PZEACgkQwJ4diZWTDt7CHgCdFG9Omxh8PmQJDWf1lxmlWlDh
0AkAnimjZNQVmPa5NA1dniSJDzwqvAj5
=gbta
-----END PGP SIGNATURE-----



--- End Message ---
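
The three failures named in the report (a certificate not signed by a trusted authority, an expired certificate, a certificate for the wrong hostname), as an added C example that is not code from links2 or from the patch mentioned in this thread: a fail-closed check whose caller aborts the connection on any result other than `CERT_OK`. `struct peer_cert` and every function name here are hypothetical; a real client fills these fields from its TLS library.

```c
#include <ctype.h>
#include <string.h>
#include <time.h>

/* Constructed stand-in for what a client reads from the peer certificate. */
struct peer_cert {
    int chain_trusted;             /* 1 if the chain ends at a trusted CA */
    time_t not_before, not_after;  /* validity window */
    const char *dns_name;          /* one certificate DNS name, may start "*." */
};

enum cert_status { CERT_OK, CERT_UNTRUSTED, CERT_EXPIRED, CERT_WRONG_HOST };

static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;               /* both strings must end together */
}

/* A wildcard is accepted only as the whole left-most label
   ("*.example.org") and covers exactly one label of the host. */
static int host_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return eq_nocase(pattern, host);
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)        /* no label for "*" to cover */
        return 0;
    if (strchr(pattern + 2, '.') == NULL)  /* refuse "*.com"-style names */
        return 0;
    return eq_nocase(pattern + 1, dot);    /* compare ".example.org" */
}

/* Fail closed: the first failed check decides; CERT_EXPIRED also covers
   a certificate that is not yet valid. */
enum cert_status check_peer(const struct peer_cert *c, const char *host,
                            time_t now)
{
    if (!c->chain_trusted)
        return CERT_UNTRUSTED;
    if (now < c->not_before || now > c->not_after)
        return CERT_EXPIRED;
    if (!host_matches(c->dns_name, host))
        return CERT_WRONG_HOST;
    return CERT_OK;
}
```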
