Your message dated Wed, 09 Apr 2014 16:57:13 +0200 with message-id <[email protected]> and subject line Re: Bug#744024: chromium: check for server certificate revocation is not enabled by default has caused the Debian Bug report #744024, regarding chromium: check for server certificate revocation is not enabled by default to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
744024: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744024
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium
Version: 33.0.1750.152-1
Severity: grave
Tags: security
Justification: user security hole

http://code.google.com/p/chromium/issues/detail?id=361568

What steps will reproduce the problem?
1. Go to the settings.
2. Choose advanced settings.
3. See HTTPS/SSL.

What is the expected result?

"Check for server certificate revocation" should be ticked by default.

What happens instead?

It isn't ticked by default (see attached snapshot).

Checking for server certificate revocation is crucial, in particular after the OpenSSL heartbleed bug: keys may have been compromised, and many certificates will be revoked.

Another user has noticed the issue about this setting:

https://twitter.com/cbrocas/status/453799729638297600

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chromium depends on:
ii chromium-inspector 33.0.1750.152-1
ii gconf-service 3.2.6-2
ii libasound2 1.0.27.2-3
ii libatk1.0-0 2.12.0-1
ii libc6 2.18-4
ii libcairo2 1.12.16-2
ii libcap2 1:2.22-1.2
ii libcups2 1.7.1-12
ii libdbus-1-3 1.8.0-3
ii libexpat1 2.1.0-4
ii libfontconfig1 2.11.0-5
ii libfreetype6 2.5.2-1
ii libgcc1 1:4.8.2-19
ii libgconf-2-4 3.2.6-2
ii libgcrypt11 1.5.3-4
ii libgdk-pixbuf2.0-0 2.30.6-1
ii libglib2.0-0 2.40.0-2
ii libgnome-keyring0 3.8.0-2
ii libgtk2.0-0 2.24.23-1
ii libjpeg8 8d-2
ii libnspr4 2:4.10.4-1
ii libnss3 2:3.16-1
ii libpango-1.0-0 1.36.3-1
ii libpangocairo-1.0-0 1.36.3-1
ii libspeechd2 0.8-6
ii libspeex1 1.2~rc1.1-1
ii libstdc++6 4.8.2-19
ii libudev1 204-8
ii libx11-6 2:1.6.2-1
ii libxcomposite1 1:0.4.4-1
ii libxdamage1 1:1.1.4-1
ii libxext6 2:1.3.2-1
ii libxfixes3 1:5.0.1-1
ii libxi6 2:1.7.2-1
ii libxml2 2.9.1+dfsg1-3
ii libxrender1 1:0.9.8-1
ii libxslt1.1 1.1.28-2
ii libxss1 1:1.2.2-1
ii libxtst6 2:1.2.2-1
ii xdg-utils 1.1.0~rc1+git20111210-7

chromium recommends no packages.

Versions of packages chromium suggests:
pn chromium-l10n <none>
pn mozplugger <none>

-- no debconf information

<<attachment: settings.png>>
--- End Message ---
--- Begin Message ---
Hi,

On 09/04/2014 14:32, Vincent Lefevre wrote:
> Checking for server certificate revocation is crucial, in particular
> after the OpenSSL heartbleed bug: keys may have been compromised, and
> many certificates will be revoked.

Unfortunately revocation checking doesn't do what you hope.

https://news.ycombinator.com/item?id=7556909

Cheers,
Giuseppe
--- End Message ---

