Package: chromium-browser Version: 37.0.2062.120-1~deb7u1 Severity: important Tags: security
The well-publicised POODLE vulnerability in SSLv3 has led to general recommendations that SSLv3 should be disabled at both the server and client level. In order to disable SSLv3 in Chromium, one currently has to invoke it with --ssl-version-min=tls1 which is not very user-friendly. I think that disabling this by default in a DSA update is appropriate here. This change has already been made in Iceweasel as of 31.2.0esr-2~deb7u1. [1] <https://www.ssllabs.com/ssltest/viewMyClient.html> -- System Information: Debian Release: 7.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages chromium-browser depends on: ii chromium 37.0.2062.120-1~deb7u1 chromium-browser recommends no packages. chromium-browser suggests no packages. -- no debconf information -- debsums errors found: dpkg-query: warning: parsing file '/var/lib/dpkg/status' near line 69365 package 'funny-manpages': missing architecture dpkg-divert: warning: parsing file '/var/lib/dpkg/status' near line 69365 package 'funny-manpages': missing architecture -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org