Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 608964 - <www-client/epiphany-3.20.7: Password manager allows HTTP sites to access passwords saved on HTTPS sites
Summary: <www-client/epiphany-3.20.7: Password manager allows HTTP sites to access pas...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on: CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2369, CVE-2017-2371, CVE-2017-2373
Blocks:
  Show dependency tree
 
Reported: 2017-02-11 14:46 UTC by Pacho Ramos
Modified: 2017-07-09 23:46 UTC (History)
1 user (show)

See Also:
Package list:
www-client/epiphany-3.20.7
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pacho Ramos gentoo-dev 2017-02-11 14:46:38 UTC
Still no CVE number...

https://bugzilla.gnome.org/show_bug.cgi?id=752738
Comment 1 Pacho Ramos gentoo-dev 2017-02-11 19:25:08 UTC
amd64/x86 stable
Comment 2 Mart Raudsepp gentoo-dev 2017-02-11 19:39:08 UTC
Looks like upstream is unable to get CVE requests responded to in the future and are unhappy about it enough to not bother with CVE requesting anymore. All arches stable, moving to glsa?
Comment 3 Thomas Deutschmann gentoo-dev Security 2017-02-13 01:57:43 UTC
GLSA Vote: No


@ Maintainer(s): Please cleanup and drop =www-client/epiphany-3.20.3!
Comment 4 Mart Raudsepp gentoo-dev 2017-03-19 21:49:25 UTC
Pushed 3.22 ~arch update to not be affected by this, and cleaned up both oldstable 3.20.3 and the vulnerable older 3.22.x (to avoid accidentally stabilizing it or something). So cleanup is done.
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-07-09 23:46:50 UTC
Tree is clean.