14842 – Update request for QupZilla - disable SSL v3 button in 1.8.5 (Poodle)

Bug 14842 - Update request for QupZilla - disable SSL v3 button in 1.8.5 (Poodle)

Summary: Update request for QupZilla - disable SSL v3 button in 1.8.5 (Poodle)

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: minor
Target Milestone:	---
Assignee:	Matteo Pasotti
QA Contact:

URL:
Whiteboard:
Keywords:	Triaged

Depends on:
Blocks:

Reported:	2014-12-18 16:08 CET by psyca
Modified:	2015-03-07 17:05 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	qupzilla
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description psyca 2014-12-18 16:08:17 CET

Description of problem:

Its not an problem, just a request to update QupZilla in Cauldron (again), to 1.6.5 (or higher).
1.6.5 allows to block SSLv3 on the browser to prevent Poodle.

Reproducible: 

Steps to Reproduce:

psyca 2014-12-18 16:08:57 CET

Priority: Normal => Low

psyca 2014-12-27 19:37:21 CET

Severity: enhancement => minor
Summary: Update request for QupZilla => Update request for QupZilla - disable SSL v3 button in 1.6.5 (Poodle)
Priority: Low => Normal

Comment 1 Manuel Hiebel 2015-01-20 21:14:05 CET

1.8.3 is in cauldron..

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Source RPM: (none) => qupzilla

Comment 2 psyca 2015-01-20 22:51:03 CET

Sorry. i meant 1.8.5, not 1.6.5.

Resolution: FIXED => (none)
Status: RESOLVED => REOPENED
Summary: Update request for QupZilla - disable SSL v3 button in 1.6.5 (Poodle) => Update request for QupZilla - disable SSL v3 button in 1.8.5 (Poodle)

Manuel Hiebel 2015-01-20 23:07:01 CET

Assignee: bugsquad => matteo.pasotti
Keywords: (none) => Triaged

Comment 3 psyca 2015-02-23 00:41:32 CET

Any news about it? http://www.qupzilla.com

Current is : 1.8.6

David Walser 2015-02-23 00:52:02 CET

CC: (none) => doktor5000

Comment 4 Florian Hubold 2015-02-25 00:16:20 CET

(In reply to psyca from comment #0)
> 1.6.5 allows to block SSLv3 on the browser to prevent Poodle.

Was already possible before 1.6.3, and Qt network stack is actually not vulnerable in general to protocol donwgrade attacks like Poodle.

Please read the qupzilla FAQ:
https://github.com/QupZilla/qupzilla/wiki/FAQ#11-i-am-not-able-to-load-a-specific-https-website-what-can-i-do
or the specific bugreport about Poodle: https://github.com/QupZilla/qupzilla/issues/1493

As we have 1.6.3, closing this one.

We currently have release freeze, where actual reasons need to be provided, not only "we have 1.8.2, but 1.8.6 is the latest version". Sorry but there will always be later versions ...

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED

Comment 5 David Walser 2015-03-07 17:05:06 CET

Fixed in qupzilla-1.8.6-1.mga5.

Note You need to log in before you can comment on or make changes to this bug.