Bug#702976: CVE-2010-3312
Vincent Danen
vdanen at redhat.com
Wed Mar 13 21:59:50 UTC 2013
* [2013-03-13 22:12:25 +0100] S?bastien Villemot wrote:
>Le mercredi 13 mars 2013 à 11:58 -0600, Vincent Danen a écrit :
>> This issue was given the name CVE-2010-3312 quite a while ago. See
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3312 for more info.
>
>I don???t think this is the same issue. The problem reported here is
>specifically about redirections, while CVE-2010-3312 (#564690 in Debian)
>was about *never* verifying SSL certs (and is now fixed).
Well, the issue in our bugzilla is still not fixed in the latest Fedora
version and since the bug is about epiphany not validating certificates
in general. Are you sure it's fixed? If it's fixed in Debian but not
upstream, then this should probably be classified as a separate issue
(but from where I sit, we have 3.6.1 in Fedora 18 and it doesn't seem to
do anything right with regards to SSL certificates).
--
Vincent Danen / Red Hat Security Response Team
More information about the pkg-gnome-maintainers
mailing list