[Bug 956077] New: There are no updates of midori in the openSUSE stable distribution
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 Bug ID: 956077 Summary: There are no updates of midori in the openSUSE stable distribution Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: PC OS: openSUSE 13.2 Status: NEW Severity: Enhancement Priority: P5 - None Component: Other Assignee: bnc-team-screening@forge.provo.novell.com Reporter: comes@naic.edu QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- When there is a new upstream release (which usually contains also bugfixes) of firefox, seamonkey or chromium soon an update for the openSUSE stable distribution (13.1, 13.2, leap?) is released. This does not happen for midori. The current version is 0.5.11 (Tumbleweed) but in 13.2 it is still the one since its release (0.5.8). It would be good to add the update of midori to the stable openSUSE releases too. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 Bernhard Wiedemann <bwiedemann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aloisio@gmx.com, | |lazy.kent@opensuse.org, | |maintenance@opensuse.org -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 http://bugzilla.opensuse.org/show_bug.cgi?id=956077#c2 --- Comment #2 from Giacomo Comes <comes@naic.edu> --- You are correct about everything shipped in the stable distribution except web browsers. Firefox, seamonkey and chromium (thunderbird too) not only receive updates when there is a bugfix update, they are also updated regularly as soon as there is a new upstream release. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 http://bugzilla.opensuse.org/show_bug.cgi?id=956077#c3 Kyrill Detinov <lazy.kent@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |meissner@suse.com Resolution|INVALID |--- --- Comment #3 from Kyrill Detinov <lazy.kent@opensuse.org> --- Well, I understand you. I use Midori myself sometimes. But got the latest running Tumbleweed. I know that Midori is Cinderella in the openSUSE browsers family. I think, we need to ask our Security Team. Reopened then. Marcus, Do we need regular Midori version updates for supported openSUSE distributions from the openSUSE Security Team POV? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 http://bugzilla.opensuse.org/show_bug.cgi?id=956077#c5 --- Comment #5 from Giacomo Comes <comes@naic.edu> --- midori 0.5.8 available in 13.2 has this known problem: when it makes a "secure" connection to a web server with a self signed certificate, the connection is established and the user is not warned of the fact that he is connecting to an untrusted site. midori 0.5.11 instead ask for the user approval before establishing such untrusted connection. I would call this a security issue. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 http://bugzilla.opensuse.org/show_bug.cgi?id=956077#c7 --- Comment #7 from Kyrill Detinov <lazy.kent@opensuse.org> --- I will perform an update for 13.1, 13.2. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 http://bugzilla.opensuse.org/show_bug.cgi?id=956077#c8 --- Comment #8 from Giacomo Comes <comes@naic.edu> --- The update will happen only this time for version 0.5.11 or it will happen also for future release? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 http://bugzilla.opensuse.org/show_bug.cgi?id=956077#c9 --- Comment #9 from Kyrill Detinov <lazy.kent@opensuse.org> --- Giacomo, can you please report a separate bug about midori assigned to "security". -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 http://bugzilla.opensuse.org/show_bug.cgi?id=956077#c10 --- Comment #10 from Giacomo Comes <comes@naic.edu> --- Created Bug #958349. Please be sure the issue with gnome-keyring is fixed in order to make midori work with every desktop. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 http://bugzilla.opensuse.org/show_bug.cgi?id=956077#c11 Karl Cheng <qantas94heavy@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED CC| |qantas94heavy@gmail.com Resolution|--- |INVALID --- Comment #11 from Karl Cheng <qantas94heavy@gmail.com> --- Closing in favour of specific security bug listed in comment 10. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=956077 Luigi Baldoni <aloisio@gmx.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|aloisio@gmx.com | -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com