On Wednesday, October 21 2015, Henri Salo wrote: >> While I agree that the current solution still needs some improvement, I do >> believe that, as far as security is concerned, the behavior described in this >> report does not exist anymore. > > Then you can close this bug.
This bug is important enough that it deserves a double-check, therefore I do not think I can just close it out of nowhere. >> I realize it has been a long time since this bug (and this package) has >> received any attention > > Received attention should not be the indicator of whether bug should be closed > or not. I did not say this. > I do not know what happened to tags in this bug report, but in Debian security > tracker this issue has been marked as fixed in 0.2.7-1.1 version. There is > also > a note that Midori should not be used if SSL support is important to you. Is > this correct information? To the extent of my knowledge, no. > Please see: https://security-tracker.debian.org/tracker/CVE-2010-3900 What makes you think I did not see this? > I can also do some testing if that is needed. If user should not use Midori > when > SSL/TLS support is important then it should be clearly pointed out at least in > the man page. I would appreciate more testing, of course. That is why I decided to ping this bug instead of closing it. -- Sergio GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 Please send encrypted e-mail if possible http://sergiodj.net/
signature.asc
Description: PGP signature
