*** This bug is a security vulnerability *** Public security bug reported:
Someone reported this in Debian: http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=608724 identi.ca had (mistakenly) installed an SSL certificate not recognized by the installed CA, yet the user has been presented with the OAuth login screen even if that https connection could not be authentified. ** Affects: gwibber Importance: Undecided Status: New ** Affects: gwibber (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** Bug watch added: Debian Bug tracker #608724 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608724 ** Also affects: gwibber (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608724 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Registry Administrators, which is subscribed to Gwibber. https://bugs.launchpad.net/bugs/705363 Title: gwibber bypasses certificate checking when providing the login/password for OAuth _______________________________________________ Mailing list: https://launchpad.net/~registry Post to : [email protected] Unsubscribe : https://launchpad.net/~registry More help : https://help.launchpad.net/ListHelp
