[Secure-testing-team] Bug#745646: chromium: certificate revocation is not checked

Vincent Lefevre vincent at vinc17.net
Wed Apr 23 18:07:34 UTC 2014 

Package: chromium
Version: 34.0.1847.116-2
Severity: grave
Tags: security
Justification: user security hole

Certificate revocation is not checked: chromium gives no errors on

  https://www.cloudflarechallenge.com/

contrary to Iceweasel. See attached snapshot.

It seems to be a Debian specific bug.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chromium depends on:
ii  chromium-inspector   34.0.1847.116-2
ii  gconf-service        3.2.6-2
ii  libasound2           1.0.27.2-3
ii  libatk1.0-0          2.12.0-1
ii  libc6                2.18-4
ii  libcairo2            1.12.16-2
ii  libcap2              1:2.22-1.2
ii  libcups2             1.7.2-1
ii  libdbus-1-3          1.8.0-3
ii  libexpat1            2.1.0-4
ii  libfontconfig1       2.11.0-5
ii  libfreetype6         2.5.2-1
ii  libgcc1              1:4.9-20140411-2
ii  libgconf-2-4         3.2.6-2
ii  libgcrypt11          1.5.3-4
ii  libgdk-pixbuf2.0-0   2.30.6-1
ii  libglib2.0-0         2.40.0-2
ii  libgnome-keyring0    3.8.0-2
ii  libgtk2.0-0          2.24.23-1
ii  libjpeg8             8d-2
ii  libnspr4             2:4.10.4-1
ii  libnss3              2:3.16-1
ii  libpango-1.0-0       1.36.3-1
ii  libpangocairo-1.0-0  1.36.3-1
ii  libspeechd2          0.8-6
ii  libspeex1            1.2~rc1.1-1
ii  libstdc++6           4.9-20140411-2
ii  libudev1             204-8
ii  libx11-6             2:1.6.2-1
ii  libxcomposite1       1:0.4.4-1
ii  libxdamage1          1:1.1.4-1
ii  libxext6             2:1.3.2-1
ii  libxfixes3           1:5.0.1-1
ii  libxi6               2:1.7.2-1
ii  libxml2              2.9.1+dfsg1-3
ii  libxrender1          1:0.9.8-1
ii  libxslt1.1           1.1.28-2
ii  libxss1              1:1.2.2-1
ii  libxtst6             2:1.2.2-1
ii  xdg-utils            1.1.0~rc1+git20111210-7

chromium recommends no packages.

Versions of packages chromium suggests:
pn  chromium-l10n  <none>
pn  mozplugger     <none>

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chromium.png
Type: image/png
Size: 31552 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20140423/9f5fb803/attachment-0001.png>

More information about the Secure-testing-team mailing list