Description of problem: See upstream bug https://bugzilla.gnome.org/show_bug.cgi?id=738633 and Mageia bug 14296. We either need to upgrade Web (and/or its libsoup dependency) if it's out in time for mga5 or wrap the Epiphany launcher in a bash script that specifically disables SSLv3 in GnuTLS. Version-Release number of selected component (if applicable): 3.14.1 Reproducible: Steps to Reproduce:
Keywords: (none) => TriagedAssignee: bugsquad => olav
Shouldn't we patch gnutls, not Epiphany? I find the GNOME bug to be a bit unreadable. We could add someone workaround/script just for epiphany, but why not just change libsoup and avoid it entirely?
Priority: Normal => release_blocker
Component: RPM Packages => Security
QA Contact: (none) => security
There's nothing to change in GnuTLS, as it doesn't have a POODLE bug (as I explained on the mailing list). The bug is more hype than substance anyway, so just waiting for the updated epiphany version that fixes the issue should be fine, once that's available.
Severity: major => normalPriority: release_blocker => Normal
According to this report, this is now fixed in Cauldron: https://bugs.mageia.org/show_bug.cgi?id=14859#c3
Status: NEW => RESOLVEDResolution: (none) => FIXED