Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#44237 - [webkitgtk] CVE-2015-2330: late TLS certificate verification
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Wednesday, 18 March 2015, 09:21 GMT
Last edited by Jan de Groot (JGC) - Sunday, 24 May 2015, 12:02 GMT
Opened by Remi Gacogne (rgacogne) - Wednesday, 18 March 2015, 09:21 GMT
Last edited by Jan de Groot (JGC) - Sunday, 24 May 2015, 12:02 GMT
|
DetailsHello,
A vulnerability [0] has been found in webkitgtk < 2.7.92 (including <= 2.6.5 and <= 2.4.8), allowing sensitive information leak over SSL/TLS connections. I believe we should backport the fix [1] until a new release is available. Thanks! [0]: http://www.openwall.com/lists/oss-security/2015/03/17/11 [1]: http://trac.webkit.org/changeset/181074/trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp |
This task depends upon