oss-sec mailing list archives
Re: CVE request: gajim - code execution and sql injection
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 08 Apr 2012 23:21:11 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/08/2012 07:33 PM, Carlos Alberto Lopez Perez wrote:
On 08/04/12 17:59, Kurt Seifried wrote:On a side note: if you want a free SSL certificate please use something like http://cert.startcom.org/ which is included within most browsers. cacert.org is not included in any (that I know of) browsers, I have no idea what the cacert practices are (and I can't find any documentation on their site) so there's no way that root key will be loaded by myself (and most people I know).Cacert.org CA is trusted by the majority of Linux/BSD distributions and therefore for any browser running on it. http://wiki.cacert.org/InclusionStatus
According to the page you quote it's not in any Mozilla browsers by default (or any major web browser that I can see), it's not in Fedora or Red Hat Enterprise Linux or any derivatives of Red Hat Enterprise Linux, or Ubuntu or SuSE Linux to name a few (not to mention Mac OS X or Windows). I don't understand why people choose a widely unsupported CA when there are widely supported CAs like StartCom that offer free certificates. Please, use supported CAs. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPgnHHAAoJEBYNRVNeJnmTvDIQAJ19AwyVYj/gXlrcXW7pw+W2 xLi1NOx7F9x+wTCW9scPr5JqzofJLkWEf7XUwGPIIm6Nv18XfZERit7pOQhzyIVy vUid2H7E+7vSx/7eGRcNXI7B8R0vBGNGcs4Pup0+RSVI5kW4UAjngRAEVXSablRQ E8ZrB/mAEsvogGpvg5+cIVPqP07XZWou8QAc2ovxveeXS5AA1xh4ePPPI9L+iXyz ktkwUqF+oS/l4Im0o1ldLcUCBlcSmdFP592XZId9jT20yb9BUC36lZn1ZLhh+zQc yiTADc+Xeo5e7ricov3ilUZo4bQy+4JcNLCY8EG/VF2F2U1l0lpebNbL8ZtcgluM gb1gzAZUizVfvutI2xvVmneNeRpZ5fzbCGcVIKYexxNHuCxl7XRnmBYeqgKT2Tia Sn6eKs/bh+J3w0Tw0wZFA7bOOhOCQR8/MKWHGU0VTgco/8YPTvAp/aVuMr/CeJzR K8KtvIu/oYazGVsG/7ZxNDobH9kn4jTsoORnFatrjQLda6fLo6vJjN1BIlbKDvkc xg1IecOzNpbf9Wnen8RaD93rQCIc5bl7ouq5migfkE0wGHDdfGVicnxBbQm8VvyV uUTG2Gcq6fLV3m1I6/Xx9dZ3/Wij5bsl71cIxhHSGyJtoLkCuBeh8ZfxU78WMuqR Ib7Q80Uio8yb/B0+Bt1r =q3NF -----END PGP SIGNATURE-----
Current thread:
- CVE request: gajim - code execution and sql injection David Black (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Yves-Alexis Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)