Hi Mike, Hi folks!
Mike, if it's OK for you I'd volunteer to coordinate getting this fix
into the next jessie pointrelease if you don't want to deal with it. I'd
use the package by Andrew which looks fine.
Christoph
--
9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731
Debian Developer | Li
Hi all,
It would be great if we could get this released on Jessie as quick as
possible - other Bugtrackers even suggest updating nss on Wheezy as well.
The security point asside, this currently causes chrome to show a "red
padlock", thus making the user believe that the website is not
trustw
On Mon, 1 Jun 2015 16:46:35 +0900
Mike Hommey wrote:
> > It's up to Mike whether to fix that in the upcoming point release.
> > We're not planning a DSA for this issue alone, but it can be fixed
> > along when upstream releases changes to address the weakdh issue.
>
> ... which, afaik, is in 3.1
On Wed, May 27, 2015 at 08:11:35AM +0200, Moritz Mühlenhoff wrote:
> On Mon, May 25, 2015 at 11:21:26AM -0700, Andrew Ayer wrote:
> > On Wed, 20 May 2015 06:39:06 +
> > ow...@bugs.debian.org (Debian Bug Tracking System) wrote:
> >
> > > On Wed, May 20, 2015 at 05:58:55PM +1200, VeNoMouS wrote:
On Wed, 27 May 2015 08:11:35 +0200
Moritz Mühlenhoff wrote:
> It's up to Mike whether to fix that in the upcoming point release.
> We're not planning a DSA for this issue alone, but it can be fixed
> along when upstream releases changes to address the weakdh issue.
Mike, are you planning to uplo
On Mon, May 25, 2015 at 11:21:26AM -0700, Andrew Ayer wrote:
> On Wed, 20 May 2015 06:39:06 +
> ow...@bugs.debian.org (Debian Bug Tracking System) wrote:
>
> > On Wed, May 20, 2015 at 05:58:55PM +1200, VeNoMouS wrote:
> > >
> > >
> > > Seriously, how long do we have to wait on this to be fi
On Wed, 20 May 2015 06:39:06 +
ow...@bugs.debian.org (Debian Bug Tracking System) wrote:
> On Wed, May 20, 2015 at 05:58:55PM +1200, VeNoMouS wrote:
> >
> >
> > Seriously, how long do we have to wait on this to be fixed...
>
> It *is* fixed, but somehow the BTS doesn't show it in the grap
Seriously, how long do we have to wait on this to be fixed...
On Mon, 30 Mar 2015 12:58:26 -0700 Kenton Varda
wrote:
> fixed 774195 2:3.17.4-1
>
> Could the fixed version in experimental please get pushed along to
> unstable? Otherwise we're training users to ignore https errors and
Seriously, how long do we have to wait on this to be fixed...
On Mon, 30 Mar 2015 12:58:26 -0700 Kenton Varda
wrote:
> fixed 774195 2:3.17.4-1
>
> Could the fixed version in experimental please get pushed along to
> unstable? Otherwise we're training users to ignore https errors and
> ma
fixed 774195 2:3.17.4-1
Could the fixed version in experimental please get pushed along to
unstable? Otherwise we're training users to ignore https errors and
masking real problems.
On Sat, Mar 14, 2015 at 8:00 PM, Kenton Varda wrote:
> Because of this bug, Chrome (42.0.2311.39) now flags most H
Because of this bug, Chrome (42.0.2311.39) now flags most HTTPS
certificates as broken. For example, tweetdeck.twitter.com shows "https"
struck out in red, as in this screenshot:
https://lh5.googleusercontent.com/-uL3aeiJeg6U/VQOyNUF51rI/HlQ/HUFK3SyDvGk/w359-h30-no/https-not.png
severity 774195 important
tags 774195 + security
thanks
Fixed in NSS 3.17.4:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes
https://code.google.com/p/chromium/issues/detail?id=437733#c12
I'm bumping severity and adding the "security" tag because this does
Package: libnss3
Version: 2:3.17.2-1.1
Severity: normal
Tags: upstream
Upstream has this patch:
https://bugzilla.mozilla.org/show_bug.cgi?id=1112461
The version in Debian does not have it (reasonable, its not released
yet). Right now it causes Chrome/Chromium 40+ to show some sites as
using "i
13 matches
Mail list logo
