[Bug 312536] Re: Stop honoring digital signatures based on MD5 hashes

2009-01-21 Thread Miron Cuperman
A successful attack would mean that the attackers would have a rogue CA.
They would then be able to generate a bogus certificate for any site
without any additional resources.  This issue should therefore be
considered critical in my opinion.  The benefit to an attacker would
justify using considerable resources in generating the rogue CA cert.

I do think that the end-user should be able to override the security
weakness warning.

-- 
Stop honoring digital signatures based on MD5 hashes
https://bugs.launchpad.net/bugs/312536
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
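
Added example (not code from Firefox, Ubuntu or the bug report): the Python below reads the signature algorithm out of a DER-encoded certificate and applies the warn-with-override policy proposed in this thread. The function names, verdict strings and certificate skeletons are assumptions constructed for illustration.

```python
SIG_ALGS = {  # DER OID content bytes -> signature algorithm name
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",     # 1.2.840.113549.1.1.4
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",    # 1.2.840.113549.1.1.5
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",  # 1.2.840.113549.1.1.11
}
OID_OF = {name: oid for oid, name in SIG_ALGS.items()}
MD5_SIG = "md5WithRSAEncryption"


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                  # short form: the byte is the length
        length = first
    else:                             # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past the end of the buffer")
    return tag, pos, pos + length


def children(buf, start, end):
    """Split the value bytes of a constructed element into child elements."""
    out = []
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        if ve > end:
            raise ValueError("child element overruns its parent")
        out.append((tag, vs, ve))
        start = ve
    return out


def algorithm_name(buf, elem):
    """Name of the algorithm in an AlgorithmIdentifier given as (tag, start, end)."""
    tag, start, end = elem
    oid_tag, vs, ve = read_tlv(buf, start)
    if tag != 0x30 or oid_tag != 0x06 or ve > end:
        raise ValueError("malformed AlgorithmIdentifier")
    oid = bytes(buf[vs:ve])
    return SIG_ALGS.get(oid, "unknown-oid:" + oid.hex())


def signature_algorithms(der):
    """Return (Certificate.signatureAlgorithm, tbsCertificate.signature) names."""
    tag, vs, ve = read_tlv(der, 0)
    top = children(der, vs, ve) if tag == 0x30 else []
    if len(top) != 3 or top[0][0] != 0x30:
        raise ValueError("not an X.509 Certificate structure")
    fields = children(der, top[0][1], top[0][2])
    if fields and fields[0][0] == 0xA0:      # optional [0] EXPLICIT version
        fields = fields[1:]
    if len(fields) < 2:                      # need serialNumber, then signature
        raise ValueError("tbsCertificate is too short")
    return algorithm_name(der, top[1]), algorithm_name(der, fields[1])


def check_certificate(der, user_override=False):
    """Verdict for one CA-issued certificate: warn on MD5 unless the user overrides."""
    outer, inner = signature_algorithms(der)
    if outer != inner:                       # the two fields must agree (RFC 5280)
        return "reject-mismatch"
    if outer == MD5_SIG:
        return "accept-overridden" if user_override else "warn-md5"
    return "accept"


def der_tlv(tag, value):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value


def sample_cert(outer, inner):
    """Constructed certificate skeleton with dummy fields; not a valid certificate."""
    def alg(name):
        return der_tlv(0x30, der_tlv(0x06, OID_OF[name]) + der_tlv(0x05, b""))
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01")
                  + alg(inner) + der_tlv(0x30, b""))
    return der_tlv(0x30, tbs + alg(outer) + der_tlv(0x03, b"\x00" + b"\xaa" * 128))
```

Run the check on every CA-issued certificate in a chain, since a weak signature on any intermediate link is enough to undermine the leaf.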


[Bug 312536] Re: Stop honoring digital signatures based on MD5 hashes

2009-01-21 Thread Miron Cuperman
As long as the end-user can override the warning, they are still able to
continue with existing workflows based on their judgment.

Also, the warning would encourage CAs and web sites to move to SHA more
quickly.



[Bug 312536] [NEW] Stop honoring digital signatures based on MD5 hashes

2008-12-30 Thread Miron Cuperman
*** This bug is a security vulnerability ***

Public security bug reported:

In http://www.win.tue.nl/hashclash/rogue-ca/ , a CA cert was created
that is accepted by Firefox.  This allows any web site to be
impersonated.

See upstream https://bugzilla.mozilla.org/show_bug.cgi?id=471539 .

This may also apply to other PKI enabled packages in Ubuntu that accept
MD5, including Thunderbird, Evolution, and anything that depends on
openssl.

** Affects: firefox
 Importance: Unknown
 Status: Confirmed

** Affects: firefox (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: firefox-3.0 (Ubuntu)
 Importance: Undecided
 Status: New

** Visibility changed to: Public

** Bug watch added: Mozilla Bugzilla #471539
   https://bugzilla.mozilla.org/show_bug.cgi?id=471539

** Also affects: firefox via
   https://bugzilla.mozilla.org/show_bug.cgi?id=471539
   Importance: Unknown
   Status: Unknown

** Also affects: firefox-3.0 (Ubuntu)
   Importance: Undecided
   Status: New



[Bug 103747] metacity (ubuntu) + xcompmgr : issue with XShapeCombineRectangles

2007-04-06 Thread Cristian Miron
Public bug reported:

Binary package hint: metacity

I'm using Ubuntu 6.10, metacity version 2.16.3-0ubuntu2, and xcompmgr. In my
application, when I'm using XShapeCombineRectangles to cut rectangles from its
windows, the window doesn't have a hole in it. Once I close xcompmgr, the hole
appears ok. I'll soon attach a small application to demonstrate this.
Any ideas?

Thanks,
Cristian Miron

** Affects: metacity (Ubuntu)
 Importance: Undecided
 Status: Unconfirmed

-- 
metacity (ubuntu) + xcompmgr : issue with XShapeCombineRectangles
https://bugs.launchpad.net/bugs/103747
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.



[Bug 103747] Re: metacity (ubuntu) + xcompmgr : issue with XShapeCombineRectangles

2007-04-06 Thread Cristian Miron
NOTE : The application works on with xfwm4.



[Bug 251304] Re: Pidgin XMPP TLS/SSL Man in the Middle attack

2008-08-05 Thread Miron Cuperman
See also http://developer.pidgin.im/ticket/6500 which includes a patch.

-- 
Pidgin XMPP TLS/SSL Man in the Middle attack
https://bugs.launchpad.net/bugs/251304
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.



[Bug 251304] Re: Pidgin XMPP TLS/SSL Man in the Middle attack

2008-08-05 Thread Miron Cuperman
I don't think so.  I would have done it, but not certain of the
procedure.
