Package: chromium
Version: 33.0.1750.152-1
Severity: grave
Tags: security
Justification: user security hole

http://code.google.com/p/chromium/issues/detail?id=361568

What steps will reproduce the problem?
1. Go to the settings.
2. Choose advanced settings.
3. See HTTPS/SSL.

What is the expected result?
"Check for server certificate revocation" should be ticked by default.

What happens instead?
It isn't ticked by default (see attached snapshot).

Checking for server certificate revocation is crucial, in particular
after the OpenSSL heartbleed bug: keys may have been compromised, and
many certificates will be revoked.

Another user has noticed the issue about this setting:
https://twitter.com/cbrocas/status/453799729638297600

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chromium depends on:
ii  chromium-inspector   33.0.1750.152-1
ii  gconf-service        3.2.6-2
ii  libasound2           1.0.27.2-3
ii  libatk1.0-0          2.12.0-1
ii  libc6                2.18-4
ii  libcairo2            1.12.16-2
ii  libcap2              1:2.22-1.2
ii  libcups2             1.7.1-12
ii  libdbus-1-3          1.8.0-3
ii  libexpat1            2.1.0-4
ii  libfontconfig1       2.11.0-5
ii  libfreetype6         2.5.2-1
ii  libgcc1              1:4.8.2-19
ii  libgconf-2-4         3.2.6-2
ii  libgcrypt11          1.5.3-4
ii  libgdk-pixbuf2.0-0   2.30.6-1
ii  libglib2.0-0         2.40.0-2
ii  libgnome-keyring0    3.8.0-2
ii  libgtk2.0-0          2.24.23-1
ii  libjpeg8             8d-2
ii  libnspr4             2:4.10.4-1
ii  libnss3              2:3.16-1
ii  libpango-1.0-0       1.36.3-1
ii  libpangocairo-1.0-0  1.36.3-1
ii  libspeechd2          0.8-6
ii  libspeex1            1.2~rc1.1-1
ii  libstdc++6           4.8.2-19
ii  libudev1             204-8
ii  libx11-6             2:1.6.2-1
ii  libxcomposite1       1:0.4.4-1
ii  libxdamage1          1:1.1.4-1
ii  libxext6             2:1.3.2-1
ii  libxfixes3           1:5.0.1-1
ii  libxi6               2:1.7.2-1
ii  libxml2              2.9.1+dfsg1-3
ii  libxrender1          1:0.9.8-1
ii  libxslt1.1           1.1.28-2
ii  libxss1              1:1.2.2-1
ii  libxtst6             2:1.2.2-1
ii  xdg-utils            1.1.0~rc1+git20111210-7

chromium recommends no packages.

Versions of packages chromium suggests:
pn  chromium-l10n  <none>
pn  mozplugger     <none>

-- no debconf information
<<attachment: settings.png>>