Hi, Paul Kocialkowski writes:
> Hi, > > Le jeudi 16 mars 2017 à 00:01 +0100, Wolfgang Wiedmeyer a écrit : >> Signed-off-by: Wolfgang Wiedmeyer <[email protected]> > > Does this mean that the issue was fixed in 4.2 and is still there in 6.0? > That would be quite surprising! No, it's not fixed in 4.2. It's a different issue in 6.0, albeit with the same consequences, as the linked issue explains[1]. > If both version are still affected, we probably should keep mentioning both, > as > Replicant 4.2 is still maintained. Agreed, especially as long as there are multiple devices for which a stable 6.0 is not yet available. But I suggest extending the note for 4.2 to make clear that it lacks security updates in general. >> --- >> freedom-privacy-security-issues.php | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security- >> issues.php >> index 5c05d62..ceb15a5 100644 >> --- a/freedom-privacy-security-issues.php >> +++ b/freedom-privacy-security-issues.php >> @@ -159,7 +159,7 @@ >> <li>Using <a href="//www.torproject.o >> rg/">Tor</a>; to achieve reliable anonymity, for instance with <a >> href="//www. >> torproject.org/docs/android.html.en">Orbot</a>; on Replicant.</li> >> <li>Using <a href="https://silence.im >> /">Silence</a>; to encrypt SMS messages.</li> >> <li>If the device is telephony- >> enabled, switching the modem to airplane mode or (when possible) turning it >> off when not in use, to avoid being tracked at all times.</li> >> - <li>Browsers using the webview >> framework (such as the browser shipped with Replicant and <a >> href="https://git >> hub.com/anthonycr/Lightning-Browser">Lightning</a>;) are subject to <a >> href="h >> ttps://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no- >> longer-provides-patches-for-webview-jelly-bean-and-prior">various security >> flaws</a> in Replicant 4.2.</li> >> + <li>Browsers using the webview >> framework (such as the browser shipped with Replicant and <a >> href="https://git >> hub.com/anthonycr/Lightning-Browser">Lightning</a>;) are subject to <a >> href="//redmine.replicant.us/issues/1780">various security flaws</a> in >> Replicant 6.0.</li> >> </ul> >> In addition, the <a href="//www.fsf.org/">Fre >> e Software Foundation</a> provides a <a >> href="//www.fsf.org/campaigns/surveill >> ance">comprehensive guide to help protect freedom and privacy</a>. >> </p> [1] https://redmine.replicant.us/issues/1780 -- Website: https://fossencdi.org OpenPGP: 0F30 D1A0 2F73 F70A 6FEE 048E 5816 A24C 1075 7FC4 Key download: https://wiedmeyer.de/keys/ww.asc
signature.asc
Description: PGP signature
_______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
