Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 608964 - <www-client/epiphany-3.20.7: Password manager allows HTTP sites to access passwords saved on HTTPS sites
Summary: <www-client/epiphany-3.20.7: Password manager allows HTTP sites to access pas...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Depends on: CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
  Show dependency tree
Reported: 2017-02-11 14:46 UTC by Pacho Ramos
Modified: 2017-07-09 23:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Pacho Ramos gentoo-dev 2017-02-11 14:46:38 UTC
Still no CVE number...
Comment 1 Pacho Ramos gentoo-dev 2017-02-11 19:25:08 UTC
amd64/x86 stable
Comment 2 Mart Raudsepp gentoo-dev 2017-02-11 19:39:08 UTC
Looks like upstream is unable to get CVE requests responded to in the future and are unhappy about it enough to not bother with CVE requesting anymore. All arches stable, moving to glsa?
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-13 01:57:43 UTC
GLSA Vote: No

@ Maintainer(s): Please cleanup and drop =www-client/epiphany-3.20.3!
Comment 4 Mart Raudsepp gentoo-dev 2017-03-19 21:49:25 UTC
Pushed 3.22 ~arch update to not be affected by this, and cleaned up both oldstable 3.20.3 and the vulnerable older 3.22.x (to avoid accidentally stabilizing it or something). So cleanup is done.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2017-07-09 23:46:50 UTC
Tree is clean.