Bug 14842

Summary: Update request for QupZilla - disable SSL v3 button in 1.8.5 (Poodle)
Product: Mageia Reporter: psyca <linux>
Component: RPM PackagesAssignee: Matteo Pasotti <matteo.pasotti>
Status: RESOLVED FIXED QA Contact:
Severity: minor    
Priority: Normal CC: doktor5000
Version: CauldronKeywords: Triaged
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: qupzilla CVE:
Status comment:

Description psyca 2014-12-18 16:08:17 CET 
Description of problem:

Its not an problem, just a request to update QupZilla in Cauldron (again), to 1.6.5 (or higher).
1.6.5 allows to block SSLv3 on the browser to prevent Poodle.

Reproducible: 

Steps to Reproduce:
psyca 2014-12-18 16:08:57 CET

Priority: Normal => Low

psyca 2014-12-27 19:37:21 CET

Severity: enhancement => minor
Summary: Update request for QupZilla => Update request for QupZilla - disable SSL v3 button in 1.6.5 (Poodle)
Priority: Low => Normal

Comment 1 Manuel Hiebel 2015-01-20 21:14:05 CET 
1.8.3 is in cauldron..

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Source RPM: (none) => qupzilla

Comment 2 psyca 2015-01-20 22:51:03 CET 
Sorry. i meant 1.8.5, not 1.6.5.

Resolution: FIXED => (none)
Status: RESOLVED => REOPENED
Summary: Update request for QupZilla - disable SSL v3 button in 1.6.5 (Poodle) => Update request for QupZilla - disable SSL v3 button in 1.8.5 (Poodle)

Manuel Hiebel 2015-01-20 23:07:01 CET

Assignee: bugsquad => matteo.pasotti
Keywords: (none) => Triaged

Comment 3 psyca 2015-02-23 00:41:32 CET 
Any news about it? http://www.qupzilla.com

Current is : 1.8.6
David Walser 2015-02-23 00:52:02 CET

CC: (none) => doktor5000

Comment 4 Florian Hubold 2015-02-25 00:16:20 CET 
(In reply to psyca from comment #0)
> 1.6.5 allows to block SSLv3 on the browser to prevent Poodle.

Was already possible before 1.6.3, and Qt network stack is actually not vulnerable in general to protocol donwgrade attacks like Poodle.

Please read the qupzilla FAQ:
https://github.com/QupZilla/qupzilla/wiki/FAQ#11-i-am-not-able-to-load-a-specific-https-website-what-can-i-do
or the specific bugreport about Poodle: https://github.com/QupZilla/qupzilla/issues/1493

As we have 1.6.3, closing this one.

We currently have release freeze, where actual reasons need to be provided, not only "we have 1.8.2, but 1.8.6 is the latest version". Sorry but there will always be later versions ...

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED

Comment 5 David Walser 2015-03-07 17:05:06 CET 
Fixed in qupzilla-1.8.6-1.mga5.