On mer., 2012-10-10 at 17:28 +0300, Henri Salo wrote: > On Wed, Oct 10, 2012 at 04:20:34PM +0200, Yves-Alexis Perez wrote: > > On mer., 2012-10-10 at 09:23 +0300, Henri Salo wrote: > > > On Wed, Oct 10, 2012 at 08:13:15AM +0200, Yves-Alexis Perez wrote: > > > > Henri, did you actually check? Because, here, loading an https website > > > > with a CA not recognized correctly turns the url bar to red. > > > > > > Yes I tested Midori package in squeeze: > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672880#25 > > > > > > > Well, in Squeeze, the same thing applies than for CVE-2010-3900. > > -- > > Yves-Alexis > > Hello, > > Sorry I am not sure I get your point in here. So you are saying that > there is duplicate CVE assigned? Do you want me to ask the newer CVE to > be rejected?
I'm unsure, but as far as I understand it, it's not the same code involved. CVE-2010-3900 is fixed in recent midori, while CVE-2012-2132 is not. For Debian, Squeeze is vulnerable to CVE-2010-3900 but I'm not sure it's vulnerable to CVE-2012-2132 since it's not the same mechanism used, or something. For Sid, CVE-2010-3900 is fixed, CVE-2012-2132 is not and won't be as long as the waf situation is not solved, one way or another. Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
