On 25 Sep 2011, at 20:06, Philipp Kern pk...@debian.org wrote:
You can actually recompile them to ship with your own certs. But you
cannot quote non-existent configuration files not being in /etc as a
reason for a policy violation and hence upgrade it to serious, sorry.
Kind regards
Severity: severe
Hi,
This bug is still here in Squeeze and is now even more annoying.
Now that murmurd checks for it's own cert validity, it refuses to accept any
connexion if the certificate is not signed by an authority contained in the CA
bundle embedded in /usr/lib/libQtNetwork.so.4
So
I think that this package is in violation of Debian policy :
http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files
The data contained in /usr/lib/libQtNetwork.so.4 affects the operation of a
program, or provides site- or host-specific information, or otherwise
customizes the
Package: libqt4-network
Version: 4.4.3-1
Severity: grave
Justification: user security hole
Tags: patch security
Applications using QT SSL Layer fail to verify SSL encrypted connexion
because system-wide installed certificates authorities are not read (can
be verified with strace)
For example,
Hi,
Reading this bug report on mumble might help you to analyse the problem :
https://sourceforge.net/tracker/?func=detailaid=2793899group_id=147372atid=768005
Regards,
François.
--
To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
5 matches
Mail list logo