CVE-2010-3900

Publication date 14 October 2010

Last updated 24 July 2024


Ubuntu priority

Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312.

Read the notes from the security team

Status

Package Ubuntu Release Status
midori 13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Ignored end of life
10.04 LTS lucid Ignored end of life
9.10 karmic Ignored end of life
9.04 jaunty Ignored end of life
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Not in release

Notes


jdstrand

per micahg, uses system webkit and libsoup, which is now fixed


micahg

per mdeslaur, cve descriptions can be wrong and this still needs triage