severity 702976 important
thanks
On Mon, Jul 01, 2013 at 03:38:13PM +0200, Christoph Anton Mitterer wrote:
I'm adding the security team now, which I ask to investigate into
this,...
Unfortunately this totally broken version leaked into wheezy as well.
Michael Gilbert is a member of the
On Tue, 2013-07-02 at 08:39 +0200, Moritz Muehlenhoff wrote:
severity 702976 important
Wow... must really look bad security wise in Debian...
Not only is it not obviously documented that webkit browsers are not
security supported at all
http://www.debian.org/security/
On Tue, Jul 02, 2013 at 02:35:15PM +0200, Christoph Anton Mitterer wrote:
On Tue, 2013-07-02 at 08:39 +0200, Moritz Muehlenhoff wrote:
severity 702976 important
Wow... must really look bad security wise in Debian...
Not only is it not obviously documented that webkit browsers are not
severity 702976 critical
stop
Hi Julien.
I've just seen that you lowered the severity of this bug (already months
ago) without giving any further explanation (which I consider quite
rude, to be hones), and apparently without understanding it's
criticality at all...
As it was shown by examples,
control: tag -1 confirmed
On Wed, Mar 13, 2013 at 12:29 PM, Christoph Anton Mitterer wrote:
It seems that epiphany does at least not check the domainname correctly
when connection to a site via https.
For example, when I go to:
https://physik.lmu.de/~mitterer/
it redirects me automatically
Package: epiphany-browser
Version: 3.4.2-2.1
Severity: critical
Tags: security
Justification: breaks unrelated software
Hi.
Marking this as critical/breask-unrealted-software, as it may allow
attackers to spoof people into downloading forged software/etc.
It seems that epiphany does at least
Le mercredi 13 mars 2013 à 17:29 +0100, Christoph Anton Mitterer a
écrit :
It seems that epiphany does at least not check the domainname correctly
when connection to a site via https.
For example, when I go to:
https://physik.lmu.de/~mitterer/
it redirects me automatically to
On Wed, 2013-03-13 at 23:23 +0100, Josselin Mouette wrote:
I don’t even see it as a bug.
Of course it is...
Otherwise I could easily mitm every connection... o.O
Epiphany treats the first site as a self-signed one, which thus has the
same level of security as a non-encrypted connection.
And
8 matches
Mail list logo