oss-sec mailing list archives
Re: CVE request: epiphany not checking ssl certs
From: Josh Bressers <bressers () redhat com>
Date: Fri, 17 Sep 2010 14:39:14 -0400 (EDT)
----- "Tomas Hoger" <thoger () redhat com> wrote:
On Fri, 17 Sep 2010 14:19:03 +0200 Hanno Böck wrote:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564690 http://blog.fefe.de/?ts=b26ca29d Did this get a CVE yet?Any specific reason to only give CVE to epiphany if you want to start giving CVEs for this kind of flaw? IIRC, not long ago, no WebKitGtk-based browser I tried verified server SSL certificates and all connected without any complaint or indication that SSL certificate was not verified. None seemed to offer any configuration option to enable certificate checking. I guess there may be / was some limitations on WebKitGtk side that can explain this. I noticed midori now uses different address bar background color, which seem to be similar to the epiphany fix described in the Debian bug. Oh, now I see you're probably asking for CVE for post-deb#564690 behavior, not pre-deb#564690, right?
I'm not following this. What exactly is getting a CVE id here? Thanks. -- JB
Current thread:
- CVE request: epiphany not checking ssl certs Hanno Böck (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Tomas Hoger (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Josh Bressers (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Steven M. Christey (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Michael Gilbert (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Josh Bressers (Sep 21)
- Re: CVE request: epiphany not checking ssl certs Ludwig Nussel (Sep 20)
- Re: CVE request: epiphany not checking ssl certs Tomas Hoger (Sep 17)