Bug 1182623
| Summary: | Poodle Vulnerable - SSLv3 not disabled - Check https://www.ssllabs.com/ssltest/viewMyClient.html with midori | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Yuan <longwu.yuan> | ||||
| Component: | midori | Assignee: | Kevin Fenzi <kevin> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 21 | CC: | huzaifas, kevin, martin.sourada, mtasaka, tpopela | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | midori-0.5.9-2.fc20 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-01-17 23:56:01 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Yuan
2015-01-15 15:14:26 UTC
Moving this over to webkitgtk. SSLv3 was disabled there, so we need to see if it was not properly disabled or it's some kind of false positive or the like. In WebKit1 based applications (webkitgtk == WebKit1) it is on the application itself to setup all the things (early during start) to avoid the POODLE vulnerability. See the announcement[0] and the bug[1]. [0] - https://lists.webkit.org/pipermail/webkit-gtk/2014-October/002110.html [1] - https://bugzilla.gnome.org/show_bug.cgi?id=738633 Who said I have webkit1 ? # rpm -qa | grep webkit webkitgtk3-2.4.8-1.fc21.x86_64 webkitgtk-2.4.8-1.fc21.x86_64 # cat /etc/issue Fedora release 21 (Twenty One) Kernel \r on an \m (\l) # uname -a Linux mypc.loc.do 3.17.8-300.fc21.x86_64 #1 SMP Thu Jan 8 23:32:49 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux # yum -y update Loaded plugins: langpacks No packages marked for update # You said (and I stated it in my comment). Midori is using webkitgtk and that is WebKit1. First I want to apologise sincerely for inappropriate comment. Next, I made wrong assumption and I did not give attention to the clear indication you provided i.e. webkitgtk == WebKit1. I am very sorry and I will avoid such behaviour in future. I think I am unreasonable disturbed that I have to work more after keeping Fedora21 updated. I apologise Tomas. Forgive me. @All, so will this bug be closed or do I have to look for a distro that ships WEbkit2 by default or just use Firefox. I sincerely apologise for misbehaving and hope to get some advise on what to do besides tweaking webkitgtk. @Yuan: No reasons to apologize. We ship WebKit2 by default (in F21 it is in webkitgtk4 package, but Midori doesn't use it (you can try Epiphany (Web) application that's using it)). But anyway, someone have to check if Midori is actually doing anything against the POODLE. ok. I misread the webkit1 information here. ;) Will push a patched midori here in a few with -SSLv3 support. midori-0.5.9-2.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/midori-0.5.9-2.fc21 midori-0.5.9-2.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/midori-0.5.9-2.fc20 midori-0.5.9-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. midori-0.5.9-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |