Neal Gompa gmail.com> writes:
> Is there a simple way to test if the issue is a problem on Fedora? I
> don't even know of any sites with TLS 1.2 using MD5 signatures,
> especially when Chrome "broke" signatures that weren't SHA-256 or
> better for SSLv3 and stronger a year ago...
I guess one
Eric Griffith gmail.com> writes:
> Is there any reason Fedora would not...? Regardless you could diff the
source code that was used to make the 43.0.1-fedora RPM vs whats in 43.0.2
and see if the hole is unpatched.
There may be a reason. Fedora relies on NSS/NSPR packages for some of the
stuff
On Tue, Dec 29, 2015 at 4:13 PM, Bojan Smojver wrote:
> Eric Griffith gmail.com> writes:
>
>> Is there any reason Fedora would not...? Regardless you could diff the
> source code that was used to make the 43.0.1-fedora RPM vs whats in 43.0.2
> and see if the hole is
Release notes for FF 43.0.2 say that a security issue was fixed (MD5
signatures accepted within TLS 1.2 ServerKeyExchange in server
signature). Does this not affect Fedora builds?
PS. The link to that security issue is broken (https://www.mozilla.org/
en-US/security/advisories/mfsa2015-150/), so
Am 28.12.2015 um 22:57 schrieb Bojan Smojver:
Release notes for FF 43.0.2 say that a security issue was fixed (MD5
signatures accepted within TLS 1.2 ServerKeyExchange in server
signature). Does this not affect Fedora builds?
what do you try to tell us with that question?
On Mon, 28 Dec 2015 23:44:51 +0100, Reindl Harald wrote:
> Am 28.12.2015 um 22:57 schrieb Bojan Smojver:
> > Release notes for FF 43.0.2 say that a security issue was fixed (MD5
> > signatures accepted within TLS 1.2 ServerKeyExchange in server
> > signature). Does this not affect Fedora builds?
Reindl Harald thelounge.net> writes:
> what do you try to tell us with that question?
I'm trying to establish whether Fedora needs a 43.0.2 (or better) build of
FF in order to close this security hole.
--
Bojan
--
devel mailing list
devel@lists.fedoraproject.org
On Dec 28, 2015 18:02, "Bojan Smojver" wrote:
>
> Reindl Harald thelounge.net> writes:
>
> > what do you try to tell us with that question?
>
> I'm trying to establish whether Fedora needs a 43.0.2 (or better) build of
> FF in order to close this security hole.
>
Is there