On 08/31/2011 03:07 PM, Justin Wood (Callek) wrote:
> On 8/31/2011 5:39 PM, NoOp wrote:
>> On 08/31/2011 12:10 PM, Justin Wood (Callek) wrote:
>>> On 8/31/2011 11:43 AM, Rostyslaw Lewyckyj wrote:
>> ...
>>>> After reading the other postings dealing with 2.3.2, I get the distinct
>>>> impression that the botched 2.3.2 release was a *panic* "Get it out the
>>>> door quick", reaction to the recent security breach event.
>>>> Will y'all fix 2.3.2, and dot the ts and cross the is before
>>>> re-releasing?
>>>
>>> 2.3.2 was a "panic" release, because it was an issue actively exploiting
>>> users in the wild, on that release day, and had been for a while :( .
>>>
>>> The only issue with SeaMonkey 2.3.2 that was not in Firefox 6.0.1 was
>>> our reported version string. Sadly, that had a few user facing "what,
>>> why, do I have the right version" feelings.
>>>
>>> Luckily (or unluckily depending on your POV) there is a new chemspill
>>> because they took the block slightly further than initially intended,
>>> that should be released within 48 hours, that will correct also our
>>> version number.
>>>
>>> I will be doing partial (small) updates for both 2.3.1 and 2.3.2 for
>>> that, so hopefully your impact is relatively small.
>>>
>>> Thank you for your patience.
>>
>> Linux versions are borked (both 32bit and 64bit). Both report 2.3.1. But
>> *worse* is that they reinstate DigiNotar Root CA. Tested both ways:
>>
>> 1. 32bit linux deleted DigiNotar Root CA and then did the update via
>> Help|Check for Updates. DigiNotar Root CA is now back.
>> Build identifier: Mozilla/5.0 (X11; Linux i686; rv:6.0.1) Gecko/20110830
>> Firefox/6.0.1 SeaMonkey/2.3.1
>>
>> 2. 64bit linux deleted DigiNotar Root CA and then did the update via
>> Help|Check for Updates. DigiNotar Root CA is now back. So I downloaded
>> the entire bz2, deleted the old, and extracted to a new folder;
>> DigiNotar Root CA is now back on that version as well.
>> Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.1)
>> Gecko/20110830 Firefox/6.0.1 SeaMonkey/2.3.1
>>
>> I've not tested any Windows versions (yet).
>
> The root CA will still appear in the cert list, but it is blocked,
> please test with a website.
>
> But it's a factor of how this code works.
>

Reloaded 2.3.1 (the original) and DigiNotar Root CA shows with trust
settings:
- This certificate can identify web sites
- This certificate can identify software makers
https://zga-tag.zorggroep-almere.nl/ works

2.16.528.1.1001.1.1.1.10.1:
Certification Practice Statement pointer:
http://www.diginotar.nl/cps
User Notice:
Conditions, as mentioned on our website (www.diginotar.nl), are
applicable to all our products and services.

Reloaded 2.3.2 64bit (shows 2.3.1) and DigiNotar Root CA now is not
showing at all & https://zga-tag.zorggroep-almere.nl/ shows an invalid
cert.

Reloaded 2.3.2 (32bit) and DigiNotar Root CA shows with all trust
settings unchecked (similar to Windows).
https://zga-tag.zorggroep-almere.nl/ shows an invalid cert.

Odd that the 32bit shows, but the 64bit has it removed completely.

Not sure why I have different results (regarding showing & not showing
the cert) so I'll test on a few more machines.

