GNU bug report logs - #16978
24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities

Previous Next

Package: emacs;

Reported by: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>

Date: Mon, 10 Mar 2014 07:00:02 UTC

Severity: important

Tags: fixed, security

Merged with 16193, 18600

Found in versions 24.3, 24.3.94

Fixed in version 25.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Cc: 16978 <at> debbugs.gnu.org
Subject: bug#16978: 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities
Date: Fri, 21 Mar 2014 06:24:44 -0400

On Thu, 20 Mar 2014 15:39:28 +0100 Lars Magne Ingebrigtsen <larsi <at> gnus.org> wrote: 

LMI> Ted Zlatanov <tzz <at> lifelogs.com> writes:
>> I think the self-signed certificates are the one we can omit, it's a
>> fairly rare use case.

LMI> No, it's quite common for mail servers and the like.

OK.  With a certificate manager UI, do you think this use case is
handled as I proposed, or do we need a more thorough solution here?

Ted

This bug report was last modified 10 years and 178 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #16978 24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities

GNU bug report logs - #16978
24.3; SSL/TLS with multiple man-in-the-middle vulnerabilities