Debian Bug report logs - #564690
epiphany-browser - Does not longer check certificates

version graph

Package: epiphany-browser; Maintainer for epiphany-browser is Josselin Mouette <joss@debian.org>; Source for epiphany-browser is src:epiphany-browser.

Reported by: Bastian Blank <waldi@debian.org>

Date: Mon, 11 Jan 2010 12:18:01 UTC

Severity: grave

Tags: fixed-upstream

Found in version epiphany-browser/2.29.3-1

Fixed in versions epiphany-browser/2.30.2-3, epiphany-browser/2.29.91-1

Done: Josselin Mouette <joss@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=600663

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#564690; Package epiphany-browser. (Mon, 11 Jan 2010 12:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bastian Blank <waldi@debian.org>:
New Bug report received and forwarded. Copy sent to Josselin Mouette <joss@debian.org>. (Mon, 11 Jan 2010 12:18:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bastian Blank <waldi@debian.org>
To: submit@bugs.debian.org
Subject: epiphany-browser - Does not longer check certificates
Date: Mon, 11 Jan 2010 13:14:37 +0100
Package: epiphany-browser
Version: 2.29.3-1
Severity: grave

Current epiphany does not verify the certificates for https-connections.
This makes it unsuitable for almost any secure operation without big fat
warnings.

Bastian

-- 
Landru! Guide us!
		-- A Beta 3-oid, "The Return of the Archons", stardate 3157.4




Set Bug forwarded-to-address to 'https://bugzilla.gnome.org/show_bug.cgi?id=600663'. Request was from intrigeri@boum.org to control@bugs.debian.org. (Sat, 23 Jan 2010 11:51:04 GMT) Full text and rfc822 format available.

Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 25 Feb 2010 17:12:24 GMT) Full text and rfc822 format available.

Reply sent to Josselin Mouette <joss@debian.org>:
You have taken responsibility. (Sun, 28 Feb 2010 14:39:06 GMT) Full text and rfc822 format available.

Notification sent to Bastian Blank <waldi@debian.org>:
Bug acknowledged by developer. (Sun, 28 Feb 2010 14:39:06 GMT) Full text and rfc822 format available.

Message #14 received at 564690-done@bugs.debian.org (full text, mbox):

From: Josselin Mouette <joss@debian.org>
To: 564690-done@bugs.debian.org
Subject: OMGWTFBBQ this is fixed
Date: Sun, 28 Feb 2010 15:36:46 +0100
[Message part 1 (text/plain, inline)]
Version: 2.29.91-1

commit 3e0f7dea754381c5ad11a06ccc62eb153382b498
Author: Gustavo Noronha Silva <gns@gnome.org>
Date:   Thu Feb 18 14:30:49 2010 -0200

    Report broken certs through the padlock icon
    
    This uses a new feature in libsoup that reports through a 
    SoupMessageFlag whether the message is talking to a server that has a
    trusted server.
    
    Bug #600663


Note that there is no integrated certificate manager yet, but you can
have basic certificate management with ca-certificates.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “I recommend you to learn English in hope that you in
  `-     future understand things”  -- Jörg Schilling
[signature.asc (application/pgp-signature, inline)]

Bug No longer marked as fixed in versions 2.29.91-1. Request was from Emilio Pozuelo Monfort <pochu@debian.org> to control@bugs.debian.org. (Sat, 07 Aug 2010 00:54:06 GMT) Full text and rfc822 format available.

Bug Marked as fixed in versions epiphany-browser/2.29.91-1. Request was from Emilio Pozuelo Monfort <pochu@debian.org> to control@bugs.debian.org. (Sat, 07 Aug 2010 00:54:06 GMT) Full text and rfc822 format available.

Bug Marked as fixed in versions epiphany-browser/2.30.2-3. Request was from Emilio Pozuelo Monfort <pochu@debian.org> to control@bugs.debian.org. (Sat, 07 Aug 2010 10:57:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#564690; Package epiphany-browser. (Fri, 01 Oct 2010 21:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Fri, 01 Oct 2010 21:36:03 GMT) Full text and rfc822 format available.

Message #25 received at 564690@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Josselin Mouette <joss@debian.org>
Cc: 564690@bugs.debian.org
Subject: Re: OMGWTFBBQ this is fixed
Date: Fri, 1 Oct 2010 23:33:54 +0200
On Sun, Feb 28, 2010 at 03:36:46PM +0100, Josselin Mouette wrote:
> Version: 2.29.91-1
> 
> commit 3e0f7dea754381c5ad11a06ccc62eb153382b498
> Author: Gustavo Noronha Silva <gns@gnome.org>
> Date:   Thu Feb 18 14:30:49 2010 -0200
> 
>     Report broken certs through the padlock icon
>     
>     This uses a new feature in libsoup that reports through a 
>     SoupMessageFlag whether the message is talking to a server that has a
>     trusted server.
>     
>     Bug #600663

I suppose this doesn't affect Stable, since the switch to webkit
was done post-Lenny?

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Josselin Mouette <joss@debian.org>:
Bug#564690; Package epiphany-browser. (Sat, 02 Oct 2010 10:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to 564690@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Josselin Mouette <joss@debian.org>. (Sat, 02 Oct 2010 10:33:03 GMT) Full text and rfc822 format available.

Message #30 received at 564690@bugs.debian.org (full text, mbox):

From: Josselin Mouette <joss@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 564690@bugs.debian.org
Subject: Re: Bug#564690: OMGWTFBBQ this is fixed
Date: Sat, 02 Oct 2010 12:29:06 +0200
[Message part 1 (text/plain, inline)]
Le vendredi 01 octobre 2010 à 23:33 +0200, Moritz Muehlenhoff a écrit : 
> On Sun, Feb 28, 2010 at 03:36:46PM +0100, Josselin Mouette wrote:
> > Version: 2.29.91-1
> > 
> > commit 3e0f7dea754381c5ad11a06ccc62eb153382b498
> > Author: Gustavo Noronha Silva <gns@gnome.org>
> > Date:   Thu Feb 18 14:30:49 2010 -0200
> > 
> >     Report broken certs through the padlock icon
> >     
> >     This uses a new feature in libsoup that reports through a 
> >     SoupMessageFlag whether the message is talking to a server that has a
> >     trusted server.
> >     
> >     Bug #600663
> 
> I suppose this doesn't affect Stable, since the switch to webkit
> was done post-Lenny?

Indeed. This was a severe regression from lenny, hence the severity.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'  “If you behave this way because you are blackmailed by someone,
  `-    […] I will see what I can do for you.”  -- Jörg Schilling
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 17 May 2011 08:04:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 02:14:14 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.