Your message dated Sun, 28 Feb 2010 16:12:53 -0500
with message-id <20100228161253.e788be47.michael.s.gilb...@gmail.com>
and subject line re: webkit: potential ssl certificate attack
has caused the Debian Bug report #547217,
regarding webkit: potential ssl certificate attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
547217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547217
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: webkit
version: 1.1.12-1+b1
severity: serious
tags: security
hi,
i was listening to a pauldotcom episode, and heard that webkit may be
susceptible to ssl certificate attacks due to null-character stripping
[0]. please check whether this is a problem, and if it is forward
upstream if necessary.
best wishes,
mike
[0] http://pauldotcom.com/2009/09/pauldotcom-security-weekly--e-25.html
--- End Message ---
--- Begin Message ---
webkit uses libsoup for ssl support, which uses gnutls, and this issue
is already fixed there.
mike
--- End Message ---
