Your message dated Tue, 01 Oct 2013 19:47:11 +0000 with message-id <e1vr5uz-0001dy...@franck.debian.org> and subject line Bug#724960: fixed in perspectives-extension 4.3.1-1+deb7u1 has caused the Debian Bug report #724960, regarding Incorrect quorum length with low number of notaries and/or low quorum percentage to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 724960: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724960 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: perspectives-extension Severity: grave Tags: upstream Control: fixed -1 4.3.6-1 Control: forwarded -1 https://github.com/danwent/Perspectives/issues/87 The current flaw (triggered by a non-default setup by the user) can make the browser basically trust any certificate. The risk to the user is, in the worst conditions, to believe they are exchanging data with a trusted organization, while in fact the certificate had been e.g. deactivated (and thus facilitate MITM-attacks). It does require a very unusual configuration, but with such a configuration completely undermines the security model perspectives attempts to provide. More information is available of the upstream website: http://perspectives-project.org/2013/09/19/security-alert-incorrect-quorum-with-low-number-of-notaries-andor-low-quorum-percentage/ -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.10-3-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: perspectives-extension Source-Version: 4.3.1-1+deb7u1 We believe that the bug you reported is fixed in the latest version of perspectives-extension, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 724...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Prévot <taf...@debian.org> (supplier of updated perspectives-extension package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 29 Sep 2013 21:23:06 -0400 Source: perspectives-extension Binary: xul-ext-perspectives Architecture: source all Version: 4.3.1-1+deb7u1 Distribution: wheezy Urgency: low Maintainer: Debian Mozilla Extension Maintainers <pkg-mozext-maintain...@lists.alioth.debian.org> Changed-By: David Prévot <taf...@debian.org> Description: xul-ext-perspectives - verify HTTPS sites through notary servers Closes: 724960 Changes: perspectives-extension (4.3.1-1+deb7u1) wheezy; urgency=low . * Backport security fix from 4.3.6. Incorrect quorum length with low number of notaries and/or low quorum percentage. (Closes: #724960) Checksums-Sha1: f730995e0befea5212f144daed34b7311fb6fb06 1860 perspectives-extension_4.3.1-1+deb7u1.dsc 67adb1846912bbedd3384785796f9c1821e96692 4667 perspectives-extension_4.3.1-1+deb7u1.debian.tar.gz 6d50fe410d0ffdc4f814f3abf1fe8a355cbffada 99700 xul-ext-perspectives_4.3.1-1+deb7u1_all.deb Checksums-Sha256: 578813531218c87ef468bc3ae520f4521f0158f10223cd4b620b99399c2433a4 1860 perspectives-extension_4.3.1-1+deb7u1.dsc 7c7dfc11af2152935bb855499a36f54c35e2ceb25781d727961eea49d63c7215 4667 perspectives-extension_4.3.1-1+deb7u1.debian.tar.gz 18660364fac5380625e5b86b99f64abe32faccb6405efe38dc90d3cdfb95c9e9 99700 xul-ext-perspectives_4.3.1-1+deb7u1_all.deb Files: 68c77de681dc73d45c5e5863d824372a 1860 web optional perspectives-extension_4.3.1-1+deb7u1.dsc 7b2be0c63d846d8e2ace975fa3dcc8cd 4667 web optional perspectives-extension_4.3.1-1+deb7u1.debian.tar.gz ee2355b085c00cd0b3666f624fa4098b 99700 web optional xul-ext-perspectives_4.3.1-1+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQEcBAEBCAAGBQJSSNPPAAoJEAWMHPlE9r08lpYIALJEIocIIhSBsAguy+RbUBPi P5Hjnt+d1M0LIOs44ZLEkRKCtxdm13mgch0HqAIE4hSlJSGKc3fQCr290udu0nYT GmhDRQfdAyLRlkS8r5E6EiGyGFbQwmjBCcoVzImc9mngeJyzPaETQi/Ni7uSpFxj D3t7wdZr4Xi2P2ZSLCESRmQvjB8ezDtYX/N9H1TtK/7bQurjyJcRQ+V6WCo7n8hN sTHnxp39aOX6lGOESAePTlx8zmDvaawrTNIQqyTU53Zj7rqTr7NKpmqQrTLsdvJZ MJLo+LXE5ZoGOnYY6KNueeUzSrf/ytroQ/w/de+rFxyqbTsA7FXA/tCbOuc2PoU= =bF5A -----END PGP SIGNATURE-----
--- End Message ---
