2010-04-19 07:57:41 |
Rune Philosof |
bug |
|
|
added bug |
2010-04-19 11:37:30 |
Rickard Närström |
bug task added |
|
launchpad |
|
2010-04-19 11:37:47 |
Rickard Närström |
ubuntu: status |
New |
Invalid |
|
2010-04-19 11:38:49 |
Rickard Närström |
security vulnerability |
no |
yes |
|
2010-04-19 11:39:19 |
Rickard Närström |
cve linked |
|
2009-3555 |
|
2010-04-19 12:31:23 |
Søren Bredlund Caspersen |
bug task added |
|
ubuntu-website |
|
2010-04-19 12:56:48 |
Curtis Hovey |
affects |
launchpad |
launchpad-foundations |
|
2010-04-19 16:40:59 |
Matthew Nuzum |
ubuntu-website: assignee |
|
The Canonical Sysadmins (canonical-sysadmins) |
|
2010-04-23 17:59:34 |
Gary Poster |
launchpad-foundations: status |
New |
Fix Released |
|
2010-07-15 16:31:12 |
Gary Poster |
bug watch added |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=554594 |
|
2010-07-15 16:31:26 |
Gary Poster |
launchpad-foundations: status |
Fix Released |
Triaged |
|
2010-07-15 16:31:30 |
Gary Poster |
launchpad-foundations: importance |
Undecided |
High |
|
2010-07-16 14:17:11 |
Gary Poster |
launchpad-foundations: assignee |
|
Robert Collins (lifeless) |
|
2010-07-30 16:48:53 |
Sam_ |
attachment added |
|
Errorconsole.png http://launchpadlibrarian.net/52742803/Errorconsole.png |
|
2010-08-02 03:41:11 |
Robert Collins |
launchpad-foundations: status |
Triaged |
Won't Fix |
|
2010-08-02 03:43:39 |
Robert Collins |
description |
Using Firefox, open http://wiki.ubuntu.com or https://launchpad.net and look in the error console.
You will see this message:
site : potentially vulnerable to cve-2009-3555 |
Symptoms
========
Using Firefox, open http://wiki.ubuntu.com or https://launchpad.net and look in the error console.
You will see this message:
site : potentially vulnerable to cve-2009-3555
Cause
=====
We have disabled part of the TLS in order to prevent being affected by the mentioned CVE - Launchpad is not vulnerable, and the browser warning is spurious: https://bugzilla.mozilla.org/show_bug.cgi?id=554594 documents this.
We will in due course have a newer libopenssl deployed onto our servers, but as this is, at most, cosmetic, we're not planning on a special deployment for the moment - we will run with the version that is in Ubuntu's current LTS release. As of August 2010 Launchpad is about to upgrade to Lucid, which may give us the newer libopenssl.
Workaround
==========
Ignore the warning in your browser. |
|
2011-01-04 18:08:44 |
Matthew Nuzum |
ubuntu-website: status |
New |
Won't Fix |
|
2012-08-09 23:47:26 |
William Grant |
removed subscriber Launchpad Security |
|
|
|