desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #76973
[Bug 1383512] Re: SSL 3.0 is vulnerable, browser should not use
The attachment "chromium_poodle.patch" seems to be a patch. If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1383512
Title:
SSL 3.0 is vulnerable, browser should not use
Status in “chromium-browser” package in Ubuntu:
New
Bug description:
Release:14.04.1
Version: 37.0.2062.120-0ubuntu0.14.04.1~pkg1049
The Chromium browser requires an additonal flag to be specified at
invocation to avoid falling back kto SSL 3.0 which is a vulnerable
protocol. This option/flag should be specified by default. SSL 3.0
is slated to be removed in the future, so the impact of this change is
inevitable.
More detail at:
http://www.kb.cert.org/vuls/id/577193
Browser reconfiguration info can be found at:
http://nakedsecurity.sophos.com/poodle-some-tips-for-turning-off-ssl-3-0/
For Ubuntu, the attached patch should be sufficient.
(chromium_poodle.patch)
-Matt
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1383512/+subscriptions
References