Mangelnde Prüfung von Schlüsseln in webkitgtk3
ID: | FEDORA-2015-4138 |
Distribution: | Fedora |
Plattformen: | Fedora 20 |
Datum: | Sa, 4. April 2015, 11:23 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2330 |
Applikationen: | WebKitGTK |
Originalnachricht |
|
Name : webkitgtk3 Product : Fedora 20 Version : 2.2.8 Release : 3.fc20 URL : http://www.webkitgtk.org/ Summary : GTK+ Web content engine library Description : WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. -------------------------------------------------------------------------------- Update Information: Fixes CVE-2015-2330, late TLS certificate verification. This issue affects applications using the WebKit 2 API that opt-in to connection failures using WEBKIT_TLS_ERRORS_POLICY_FAIL. No applications included in Fedora 20 are known to be impacted by this issue as none are known to use WEBKIT_TLS_ERRORS_POLICY_FAIL; however, if you develop an application using WebKit 2 it may be affected. Note that applications that do not use this policy cannot be secure. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 17 2015 Michael Catanzaro |