Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 608964

Summary: <www-client/epiphany-3.20.7: Password manager allows HTTP sites to access passwords saved on HTTPS sites
Product: Gentoo Security Reporter: Pacho Ramos <pacho>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: trivial CC: gnome
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 608958    
Bug Blocks:    

Description Pacho Ramos gentoo-dev 2017-02-11 14:46:38 UTC
Still no CVE number...
Comment 1 Pacho Ramos gentoo-dev 2017-02-11 19:25:08 UTC
amd64/x86 stable
Comment 2 Mart Raudsepp gentoo-dev 2017-02-11 19:39:08 UTC
Looks like upstream is unable to get CVE requests responded to in the future and are unhappy about it enough to not bother with CVE requesting anymore. All arches stable, moving to glsa?
Comment 3 Thomas Deutschmann gentoo-dev Security 2017-02-13 01:57:43 UTC
GLSA Vote: No

@ Maintainer(s): Please cleanup and drop =www-client/epiphany-3.20.3!
Comment 4 Mart Raudsepp gentoo-dev 2017-03-19 21:49:25 UTC
Pushed 3.22 ~arch update to not be affected by this, and cleaned up both oldstable 3.20.3 and the vulnerable older 3.22.x (to avoid accidentally stabilizing it or something). So cleanup is done.
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-07-09 23:46:50 UTC
Tree is clean.