** Changed in: launchpad-foundations
Status: Triaged => Won't Fix
** Description changed:
+ Symptoms
+ ========
+
Using firefox open http://wiki.ubuntu.com or https://launchpad.net and look
in the error console.
You will see this message:
site : potentially vulnerable to cve-2009-3555
+
+ Cause
+ =====
+
+ We have disabled part of the TLS in order to prevent being affected by
+ the mentioned CVE - launchpad is not vulnerable, and the browser warning
+ is spurious : https://bugzilla.mozilla.org/show_bug.cgi?id=554594
+ documents this.
+
+ We will in due course have a newer libopenssl deployed onto our servers,
+ but as this is, at most, cosmetic we're not planning on a special
+ deployment for the moment - we will run with the version that is in
+ Ubuntu's current LTS release. As of August 2010 Launchpad is about to
+ upgrade to Lucid, which may give us the newer libopenssl.
+
+ Workaround
+ ==========
+
+ Ignore the warning in your browser.
--
potentially vulnerable to cve-2009-3555
https://bugs.launchpad.net/bugs/566467
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
