[Replicant] [PATCH 3/5] freedom-privacy-security-issues: Adapt the note about security issues with the webview

Paul Kocialkowski contact at paulk.fr
Wed Jun 7 06:57:11 UTC 2017


Hi,

Le jeudi 16 mars 2017 à 00:01 +0100, Wolfgang Wiedmeyer a écrit :
> Signed-off-by: Wolfgang Wiedmeyer <wolfgit at wiedmeyer.de>

Does this mean that the issue was fixed in 4.2 and is still there in 6.0?
That would be quite surprising!

If both version are still affected, we probably should keep mentioning both, as
Replicant 4.2 is still maintained.

> ---
>  freedom-privacy-security-issues.php | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-
> issues.php
> index 5c05d62..ceb15a5 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -159,7 +159,7 @@
>  					<li>Using <a href="//www.torproject.o
> rg/">Tor</a>; to achieve reliable anonymity, for instance with <a href="//www.
> torproject.org/docs/android.html.en">Orbot</a>; on Replicant.</li>
>  					<li>Using <a href="https://silence.im
> /">Silence</a>; to encrypt SMS messages.</li>
>  					<li>If the device is telephony-
> enabled, switching the modem to airplane mode or (when possible) turning it
> off when not in use, to avoid being tracked at all times.</li>
> -					<li>Browsers using the webview
> framework (such as the browser shipped with Replicant and <a href="https://git
> hub.com/anthonycr/Lightning-Browser">Lightning</a>;) are subject to <a href="h
> ttps://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-
> longer-provides-patches-for-webview-jelly-bean-and-prior">various security
> flaws</a> in Replicant 4.2.</li>
> +					<li>Browsers using the webview
> framework (such as the browser shipped with Replicant and <a href="https://git
> hub.com/anthonycr/Lightning-Browser">Lightning</a>;) are subject to <a
> href="//redmine.replicant.us/issues/1780">various security flaws</a> in
> Replicant 6.0.</li>
>  				</ul>
>  				In addition, the <a href="//www.fsf.org/">Fre
> e Software Foundation</a> provides a <a href="//www.fsf.org/campaigns/surveill
> ance">comprehensive guide to help protect freedom and privacy</a>.
>  			</p>
-- 
Paul Kocialkowski, developer of free digital technology and hardware support

Website: https://www.paulk.fr/
Coding blog: https://code.paulk.fr/
Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20170607/c77da003/attachment.asc>


More information about the Replicant mailing list