Le lundi, 21 mars 2016, 11.03:13 h CET Thorsten Glaser a écrit : > Package: konqueror > Version: 4:15.08.3-1 > Severity: grave > Tags: security > Justification: user security hole > > See attached screenshot – konqueror does not error out when the > certificate is expired and even shows a green checkbox. (I may > or may not have ACK’d the certificate in an earlier session, I > don’t know right now, but showing a green checkbox is still > wrong.) https://expired.identrustssl.com/ is an online example to test that use-case, which I can reproduce. konqueror is RC-buggy in stretch because of that (IMHO rightful) bug. It is also plagued by other bugs, I wonder if konqueror should really be shipped in stretch. How feasible is it to remove it ? -- OdyX
Attachment:
signature.asc
Description: This is a digitally signed message part.