[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 Rob Halsell rhals...@wikimedia.org changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution||FIXED -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 Matt McCutchen m...@mattmccutchen.net changed: What|Removed |Added CC||m...@mattmccutchen.net --- Comment #10 from Matt McCutchen m...@mattmccutchen.net 2011-03-10 02:13:56 UTC --- Firefox prints the warning if the server does not use renegotiation indication (https://tools.ietf.org/html/rfc5746), a TLS protocol feature. See https://bugzilla.mozilla.org/show_bug.cgi?id=535649 . I tested with gnutls-cli and both secure.wikimedia.org and bugzilla.wikimedia.org seem to be using renegotiation indication now, so unless someone else sees differently I think this bug can be closed. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 p858snake p858sn...@gmail.com changed: What|Removed |Added Blocks||27946 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 Rob Halsell rhals...@wikimedia.org changed: What|Removed |Added Status|NEW |ASSIGNED --- Comment #6 from Rob Halsell rhals...@wikimedia.org 2010-07-20 17:17:15 UTC --- The error log on your local system? Which error log specifically? (I can recreate the OS and browser settings, just let me know where the log is.) -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 --- Comment #7 from Bo Adler thum...@alumni.caltech.edu 2010-07-20 17:22:28 UTC --- (In reply to comment #6) The error log on your local system? Which error log specifically? (I can recreate the OS and browser settings, just let me know where the log is.) I misspoke. It's in the Error Console for Firefox. You usually reach it via cmd-shift-J, or ctrl-shift-J. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 Roan Kattouw roan.katt...@gmail.com changed: What|Removed |Added CC||m...@nedworks.org, ||roan.katt...@gmail.com --- Comment #8 from Roan Kattouw roan.katt...@gmail.com 2010-07-20 18:10:40 UTC --- (In reply to comment #4) For the reference: * CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * Apache announcement: http://marc.info/?l=apache-httpd-announcem=125755783724966w=2 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, We seem to be running Apache 2.2.8, maybe we should upgrade? -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 Platonides platoni...@gmail.com changed: What|Removed |Added CC||platoni...@gmail.com --- Comment #9 from Platonides platoni...@gmail.com 2010-07-20 18:17:51 UTC --- I commented this on #wikimedia-tech in case the fix hadn't been backported by Ubuntu. domas considered that the fix was to change the Server header to hide the version. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 Max Semenik maxsem.w...@gmail.com changed: What|Removed |Added Keywords||shell Component|General/Unknown |Site requests Summary|possible SSL vulnerability |OpenSSL on |(secure.wikimedia.org) |secure.wikimedia.org is ||possibly vulnerable to ||CVE-2009-3555 --- Comment #4 from Max Semenik maxsem.w...@gmail.com 2010-07-10 16:09:24 UTC --- For the reference: * CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * Apache announcement: http://marc.info/?l=apache-httpd-announcem=125755783724966w=2 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 Max Semenik maxsem.w...@gmail.com changed: What|Removed |Added AssignedTo|wikibug...@lists.wikimedia. |rhals...@wikimedia.org |org | -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 24332] OpenSSL on secure.wikimedia.org is possibly vulnerable to CVE-2009-3555
https://bugzilla.wikimedia.org/show_bug.cgi?id=24332 --- Comment #5 from Bo Adler thum...@alumni.caltech.edu 2010-07-10 18:54:59 UTC --- (In reply to comment #3) Where is the error appearing? When you first try and visit the site? Yes. I bring up the error log and clear all messages. Then I enter https://secure.wikimedia.org; into the url bar. It appears to me as if the message is generated during the SSL handshake phase, which makes sense if FF is reporting the error based on version number or some such. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
