Candidate: CVE-2010-3900
PublicDate: 2010-10-14 05:58:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3900
Description:
 Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before
 2.29.91 is used, does not verify X.509 certificates, which allows
 man-in-the-middle attackers to spoof arbitrary https web sites via a
 crafted server certificate, a related issue to CVE-2010-3312.
Ubuntu-Description:
Notes:
 jdstrand> per micahg, uses system webkit and libsoup, which is now fixed
 micahg> per mdeslaur, cve descriptions can be wrong and this still needs triage
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_midori:
upstream_midori: released (0.2.7-1.1)
dapper_midori: DNE
hardy_midori: ignored (reached end-of-life)
jaunty_midori: ignored (reached end-of-life)
karmic_midori: ignored (reached end-of-life)
lucid_midori: ignored (reached end-of-life)
maverick_midori: ignored (reached end-of-life)
natty_midori: not-affected (0.2.7-1.1)
oneiric_midori: not-affected (0.2.7-1.1)
precise_midori: not-affected (0.2.7-1.1)
quantal_midori: not-affected (0.2.7-1.1)
raring_midori: not-affected (0.2.7-1.1)
saucy_midori: not-affected (0.2.7-1.1)
devel_midori: not-affected (0.2.7-1.1)