[Secure-testing-team] Bug#745835: lynx-cur: certificate revocation is not checked
Vincent Lefevre
vincent at vinc17.net
Fri Apr 25 17:41:31 UTC 2014
Package: lynx-cur
Version: 2.8.8pre5-1
Severity: grave
Tags: security
Justification: user security hole
Certificate revocation is not checked: lynx opens
https://www.cloudflarechallenge.com/
without any warning or error, contrary to Firefox (and to Chromium
when the CRLSet is up-to-date).
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages lynx-cur depends on:
ii libbsd0 0.6.0-2
ii libbz2-1.0 1.0.6-5
ii libc6 2.18-4
ii libgcrypt11 1.5.3-4
ii libgnutls26 2.12.23-14
ii libidn11 1.28-2
ii libncursesw5 5.9+20140118-1
ii libtinfo5 5.9+20140118-1
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages lynx-cur recommends:
ii mime-support 3.54
lynx-cur suggests no packages.
-- debconf information:
lynx-cur/defaulturl: http://www.vinc17.org/
lynx-cur/etc_lynx.cfg:
More information about the Secure-testing-team
mailing list