On Wed, 22 Apr 2009 23:25:11 +0200 Francesco Poli <[email protected]> wrote:
> tag 355192 + security > thanks > > > Hi! > > Is there any progress on bug #355192? > Has this bug report been forwarded upstream? > > As explained in http://bugs.debian.org/355192#59 , the initially > reported issue still applies to version 2.5.0~beta1. > I am currently using version 2.6.0, but I checked Sylpheed upstream > changelog and it seems there has been no SSL-related change since > version 2.5.0~beta1. > > Also, I am still convinced that this has an impact on security, hence I > am tagging the bug accordingly: as explained in the original bug report > http://bugs.debian.org/355192#5 > > | the user is not warned at all about a certificate > | expiration and could never realize he/she is connecting to a > | potentially unsafe server. > > > I hope this issue may be dealt with soon. > Thanks in advance for any help. Upstream seems to have this fixed in the subversion trunk, which has been also packaged and uploaded to experimental (3.0.0~beta3+svn2374-1) could you please test it? thanks, -- Ricardo Mones http://people.debian.org/~mones «You will forget that you ever knew me.» -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
