Control: forcemerge 607497 -1 thanks On mar., 2012-10-09 at 21:36 +0000, Debian Bug Tracking System wrote: > Processing commands for [email protected]: > > > reassign 672880 midori > Bug #672880 [libsoup2.4-1] CVE-2012-2132: does not indicate whether or not an > SSL certificate is valid > Bug reassigned from package 'libsoup2.4-1' to 'midori'. > No longer marked as found in versions libsoup2.4/2.30.2-1+squeeze1. > Ignoring request to alter fixed versions of bug #672880 to the same values > previously set > > severity 672880 normal > Bug #672880 [midori] CVE-2012-2132: does not indicate whether or not an SSL > certificate is valid > Severity set to 'normal' from 'important' > > thanks > Stopping processing here. > > Please contact me if you need assistance.
(when reassigning, please provide a bit of context…) Actually the same kind of question was already raised (see #607497) and already assigned a CVE (CVE-2010-3900). Henri, did you actually check? Because, here, loading an https website with a CA not recognized correctly turns the url bar to red. The version in git is a bit more aggressive, it won't even load the website if it can't validate the certificate. It's a bit rude against people using self-signed certificates (which are a perfectly valid usage) but there's not much options right now. Obviously, it's not targeted to Wheezy (nor for sid either, for that matters, because of ftp-masters position on waf) Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
