Hi, Le mercredi 07 juin 2017 à 12:18 +0200, Wolfgang Wiedmeyer a écrit : > Paul Kocialkowski writes: > Le jeudi 16 mars 2017 à 00:01 +0100, Wolfgang Wiedmeyer a écrit : > > > Signed-off-by: Wolfgang Wiedmeyer <[email protected]> > > > > Does this mean that the issue was fixed in 4.2 and is still there in 6.0? > > That would be quite surprising! > > No, it's not fixed in 4.2. It's a different issue in 6.0, albeit with > the same consequences, as the linked issue explains[1].
I see. > > If both version are still affected, we probably should keep mentioning both, > > as > > Replicant 4.2 is still maintained. > > Agreed, especially as long as there are multiple devices for which a > stable 6.0 is not yet available. But I suggest extending the note for > 4.2 to make clear that it lacks security updates in general. Yes that would be good to have. We don't want to hide the fact that 4.2 is deprecated security-wise. Feel free to submit v2 in that direction so that I/GNUtoo can review/merge it. Thanks! > > > --- > > > freedom-privacy-security-issues.php | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/freedom-privacy-security-issues.php b/freedom-privacy- > > > security- > > > issues.php > > > index 5c05d62..ceb15a5 100644 > > > --- a/freedom-privacy-security-issues.php > > > +++ b/freedom-privacy-security-issues.php > > > @@ -159,7 +159,7 @@ > > > <li>Using <a href="//www.torproje > > > ct.o > > > rg/">Tor</a>; to achieve reliable anonymity, for instance with <a > > > href="//www. > > > torproject.org/docs/android.html.en">Orbot</a>; on Replicant.</li> > > > <li>Using <a href="https://silenc > > > e.im > > > /">Silence</a>; to encrypt SMS messages.</li> > > > <li>If the device is telephony- > > > enabled, switching the modem to airplane mode or (when possible) turning > > > it > > > off when not in use, to avoid being tracked at all times.</li> > > > - <li>Browsers using the webview > > > framework (such as the browser shipped with Replicant and <a href="https:/ > > > /git > > > hub.com/anthonycr/Lightning-Browser">Lightning</a>;) are subject to <a > > > href="h > > > ttps://community.rapid7.com/community/metasploit/blog/2015/01/11/google- > > > no- > > > longer-provides-patches-for-webview-jelly-bean-and-prior">various security > > > flaws</a> in Replicant 4.2.</li> > > > + <li>Browsers using the webview > > > framework (such as the browser shipped with Replicant and <a href="https:/ > > > /git > > > hub.com/anthonycr/Lightning-Browser">Lightning</a>;) are subject to <a > > > href="//redmine.replicant.us/issues/1780">various security flaws</a> in > > > Replicant 6.0.</li> > > > </ul> > > > In addition, the <a href="//www.fsf.org/" > > > >Fre > > > e Software Foundation</a> provides a <a href="//www.fsf.org/campaigns/surv > > > eill > > > ance">comprehensive guide to help protect freedom and privacy</a>. > > > </p> > > > > [1] https://redmine.replicant.us/issues/1780 > -- Paul Kocialkowski, developer of free digital technology and hardware support Website: https://www.paulk.fr/ Coding blog: https://code.paulk.fr/ Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Replicant mailing list [email protected] https://lists.osuosl.org/mailman/listinfo/replicant
