-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> While I agree that the current solution still needs some improvement, I do
> believe that, as far as security is concerned, the behavior described in this
> report does not exist anymore.

Then you can close this bug.

> I realize it has been a long time since this bug (and this package) has
> received any attention

Received attention should not be the indicator of whether bug should be closed
or not.

I do not know what happened to tags in this bug report, but in Debian security
tracker this issue has been marked as fixed in 0.2.7-1.1 version. There is also
a note that Midori should not be used if SSL support is important to you. Is
this correct information?

Please see: https://security-tracker.debian.org/tracker/CVE-2010-3900

I can also do some testing if that is needed. If user should not use Midori when
SSL/TLS support is important then it should be clearly pointed out at least in
the man page.

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJWJ49lAAoJECet96ROqnV0nWQQAI5Jobp+aeKcm3IWt2j4PFMU
7vuz6saI0vzpFfWFeBPW2oF622wyeUf4uwpiKGEDZzMcSSCSLp3IoGDDv9Qte4WK
rcjSVkyCJuxro+4rnFALjaqyC1IsajRsKdpHpQAEZKL2p9LLofReBnl871f0eBIo
kCy6dzmG3RhWSafQeL86x1TQ6gZLVcl3eWvNfnEql2rRq2rU85dR/VNaUnISrS9k
6HqLkW90ToTB/+huMp1ftD/SVNaucA0SkObskXskO9xlo8LAL5yJBQ8ZA98veS/p
XrOh8D7nLmxvBd79sxj4SaAhKa0+9O5CHZLzUXSTbKSGMzq5VRToXGF5nsDCMSs+
vZ8mfEJ6qsIaiJLpq+B3w2tvbYNg8veZs3VeDBQtALmGVcbwCTko6cdKlgPjxB7O
+C3vruCGgPthKWVYPKZ7Z0Ug6Nk93YKU0ZVNtu/vXI0GSmty4Z9r3nxt13r5G/0I
YDzzHYUeP4j+EDvobNCFAqjvZLQxh3wmSP8of+98KxDOd8VODA6kfXVMLkP1fXH0
XudRyvIDIjJyXUN1lYQtpuxghBXmVC581IWCwV033ki1ZUHphM+lyK4sWGELGkIy
waZ/fV8SWA3MjxaMTWWpUdfnDw8hJL+SvQd56Oa6sBy3kO+3R3XlALRpbfjA+v8Y
7zheUuiltaANV1qvmO38
=IsEI
-----END PGP SIGNATURE-----

Reply via email to