Bug 608964

Summary:	<www-client/epiphany-3.20.7: Password manager allows HTTP sites to access passwords saved on HTTPS sites
Product:	Gentoo Security	Reporter:	Pacho Ramos <pacho>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	gnome
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [noglsa]
Package list:	www-client/epiphany-3.20.7	Runtime testing required:	---
Bug Depends on:	608958
Bug Blocks:

Description Pacho Ramos gentoo-dev

2017-02-11 14:46:38 UTC

Still no CVE number...

https://bugzilla.gnome.org/show_bug.cgi?id=752738

Comment 1 Pacho Ramos gentoo-dev

2017-02-11 19:25:08 UTC

amd64/x86 stable

Comment 2 Mart Raudsepp gentoo-dev

2017-02-11 19:39:08 UTC

Looks like upstream is unable to get CVE requests responded to in the future and are unhappy about it enough to not bother with CVE requesting anymore. All arches stable, moving to glsa?

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2017-02-13 01:57:43 UTC

GLSA Vote: No


@ Maintainer(s): Please cleanup and drop =www-client/epiphany-3.20.3!

Comment 4 Mart Raudsepp gentoo-dev

2017-03-19 21:49:25 UTC

Pushed 3.22 ~arch update to not be affected by this, and cleaned up both oldstable 3.20.3 and the vulnerable older 3.22.x (to avoid accidentally stabilizing it or something). So cleanup is done.

Comment 5 Aaron Bauman (RETIRED) gentoo-dev

2017-07-09 23:46:50 UTC

Tree is clean.