w3m supports insecure cypher suites
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
w3m (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
PRETTY_NAME="Ubuntu 14.04 LTS"
VERSION="14.04, Trusty Tahr"
Package: w3m
Priority: optional
Section: text
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Bugs: https:/
Version: 0.5.3-15
Supported: 5y
Using w3m to visit the site
reveals the following security issue --
QUOTE
Insecure Cipher Suites
Bad Your client supports cipher suites that are known to be insecure:
* TLS_DHE_
* TLS_DHE_
* TLS_DHE_
* TLS_DHE_
* TLS_RSA_
* TLS_RSA_
* TLS_RSA_
* TLS_RSA_
UNQUOTE
information type: | Private Security → Public Security |
Changed in w3m (Ubuntu): | |
status: | New → Confirmed |
To fix this bug, I've uploaded w3m 0.5.3-16 to Debian unstable, weak-ciphers. patch).
with the attached patch (330_Disable-