Bug#702976: epiphany-browser: domainname not checked on https

2013-07-01 Thread Moritz Muehlenhoff
severity 702976 important thanks On Mon, Jul 01, 2013 at 03:38:13PM +0200, Christoph Anton Mitterer wrote: > I'm adding the security team now, which I ask to investigate into > this,... > Unfortunately this totally broken version leaked into wheezy as well. Michael Gilbert is a member of the Secu

Bug#702976: epiphany-browser: domainname not checked on https

2013-03-13 Thread Christoph Anton Mitterer
On Wed, 2013-03-13 at 23:23 +0100, Josselin Mouette wrote: > I don’t even see it as a bug. Of course it is... Otherwise I could easily mitm every connection... o.O > Epiphany treats the first site as a self-signed one, which thus has the > same level of security as a non-encrypted connection. And

Bug#702976: epiphany-browser: domainname not checked on https

2013-03-13 Thread Josselin Mouette
On Wednesday, 13 March 2013 at 17:29 +0100, Christoph Anton Mitterer wrote: > It seems that epiphany does at least not check the domainname correctly > when connecting to a site via https. > > For example, when I go to: > https://physik.lmu.de/~mitterer/ > it redirects me automatically to > https:/

Bug#702976: epiphany-browser: domainname not checked on https

2013-03-13 Thread Christoph Anton Mitterer
Package: epiphany-browser Version: 3.4.2-2.1 Severity: critical Tags: security Justification: breaks unrelated software Hi. Marking this as critical/breaks-unrelated-software, as it may allow attackers to spoof people into downloading forged software/etc. It seems that epiphany does at least n