Re: [security] Thunderbird vulnerable to MITM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]





On 08/23/2015 07:25 AM, Always Learning wrote:

On Sat, 2015-08-22 at 08:05 -0700, Alice Wonder wrote:

Thunderbird has a MITM vulnerability with its otherwise rather groovy
auto-configuration feature.

https://librelamp.com/FooBird#security

has what I think would be the easiest solution while keeping the
ability to auto-configure stuff.

As for LibreSSL et al, perhaps you could mention all your concerns on
Fedora ? Its the place where, it often seems, everything in Centos
originates from.

You will benefit from your own mailing list/web forum. Your attitude and
concerns are not unique.



I stopped using Fedora because as soon as it was stable it was end of life and I was forced to install a new bleeding edge unstable version.

I do not like bleeding edge for most things, I use mate in CentOS because GNOME 3 is not to my liking, for example, and makes me feel like I am fighting the desktop instead of using the desktop.

I do not know if LibreSSL will ever be part of Fedora or CentOS because FIPS support is not one of the goals of the projects, but FIPS didn't protect anyone from the several OpenSSL vulnerabilities that led to LibreSSL so FIPS is not a concern of mine, but it is a requirement for some places so I suspect it will be difficult for it to enter the Red Hat ecosystem.

RHEL packages need to build against OpenSSL to have FIPS and so Fedora packages will continue to build against OpenSSL. Politics sucks.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux