control: tag -1 confirmed

On Wed, Mar 13, 2013 at 12:29 PM, Christoph Anton Mitterer wrote:
> It seems that epiphany does at least not check the domain name correctly
> when connecting to a site via https.
>
> For example, when I go to:
> https://physik.lmu.de/~mitterer/
> it redirects me automatically to
> https://homepages.physik.uni-muenchen.de/~mitterer/
> without any complaining.

I'll confirm that this is indeed an issue. chromium/iceweasel do detect this as badness, and appropriately warn the user, so epiphany's behavior is certainly wrong.

However, webkit (and thus webkit-based browsers) are not supported security-wise in debian (due to a lack of an upstream security process):
http://www.debian.org/releases/testing/i386/release-notes/ch-information.en.html#browser-security

The bug severity was downgraded due to that. You may want to consider a CVE request.

Best wishes,
Mike