Package: iceweasel Version: 3.5.16-4 Severity: grave Tags: security Justification: user security hole
Hi. It seems that iceweasel still is vulnerable to the SSL renegotiation attack, as simply is configured per default to allow the vulnerable renegotiation: security.ssl.require_safe_negotiation;true Cheers, Chris. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
