-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > While I agree that the current solution still needs some improvement, I do > believe that, as far as security is concerned, the behavior described in this > report does not exist anymore.
Then you can close this bug. > I realize it has been a long time since this bug (and this package) has > received any attention Received attention should not be the indicator of whether bug should be closed or not. I do not know what happened to tags in this bug report, but in Debian security tracker this issue has been marked as fixed in 0.2.7-1.1 version. There is also a note that Midori should not be used if SSL support is important to you. Is this correct information? Please see: https://security-tracker.debian.org/tracker/CVE-2010-3900 I can also do some testing if that is needed. If user should not use Midori when SSL/TLS support is important then it should be clearly pointed out at least in the man page. - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJWJ49lAAoJECet96ROqnV0nWQQAI5Jobp+aeKcm3IWt2j4PFMU 7vuz6saI0vzpFfWFeBPW2oF622wyeUf4uwpiKGEDZzMcSSCSLp3IoGDDv9Qte4WK rcjSVkyCJuxro+4rnFALjaqyC1IsajRsKdpHpQAEZKL2p9LLofReBnl871f0eBIo kCy6dzmG3RhWSafQeL86x1TQ6gZLVcl3eWvNfnEql2rRq2rU85dR/VNaUnISrS9k 6HqLkW90ToTB/+huMp1ftD/SVNaucA0SkObskXskO9xlo8LAL5yJBQ8ZA98veS/p XrOh8D7nLmxvBd79sxj4SaAhKa0+9O5CHZLzUXSTbKSGMzq5VRToXGF5nsDCMSs+ vZ8mfEJ6qsIaiJLpq+B3w2tvbYNg8veZs3VeDBQtALmGVcbwCTko6cdKlgPjxB7O +C3vruCGgPthKWVYPKZ7Z0Ug6Nk93YKU0ZVNtu/vXI0GSmty4Z9r3nxt13r5G/0I YDzzHYUeP4j+EDvobNCFAqjvZLQxh3wmSP8of+98KxDOd8VODA6kfXVMLkP1fXH0 XudRyvIDIjJyXUN1lYQtpuxghBXmVC581IWCwV033ki1ZUHphM+lyK4sWGELGkIy waZ/fV8SWA3MjxaMTWWpUdfnDw8hJL+SvQd56Oa6sBy3kO+3R3XlALRpbfjA+v8Y 7zheUuiltaANV1qvmO38 =IsEI -----END PGP SIGNATURE-----