Package: perspectives-extension
Severity: grave
Tags: upstream
Control: fixed -1 4.3.6-1
Control: forwarded -1 https://github.com/danwent/Perspectives/issues/87

The current flaw (triggered by a non-default setup by the user) can make the browser basically trust any certificate. The risk to the user is, in the worst conditions, to believe they are exchanging data with a trusted organization, while in fact the certificate had been e.g. deactivated (thus facilitating MITM attacks). It does require a very unusual configuration, but with such a configuration it completely undermines the security model perspectives attempts to provide.

More information is available on the upstream website: http://perspectives-project.org/2013/09/19/security-alert-incorrect-quorum-with-low-number-of-notaries-andor-low-quorum-percentage/

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-3-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash