Re: [Tails-dev] A bunch of old but possibly interesting Poli…

Author: intrigeri
Date:  
To: Juliusz Chroboczek
CC: The Tails public development discussion list, Jacob Appelbaum
Old-Topics: [Tails-dev] A bunch of old but possibly interesting Polipo ideas and patches
Subject: Re: [Tails-dev] A bunch of old but possibly interesting Polipo ideas and patches
Hi,

intrigeri wrote (06 Jan 2012 15:53:31 GMT) :
> Hi Juliusz,


> I'm writing you on behalf of the Tails[0] development team.
> We've been shipping Polipo for years in Tails.


> We were alerted by Jacob Appelbaum about a few bugs in Polipo that
> could have security consequences.


> This warning came with a bunch of ideas and patches; not all are
> complete but they may be of some interest to you; in case these
> patches were never submitted to you, please find them attached to
> this email.


> We would be very interested to read your thoughts about the security
> issues suggested by Jacob.


Ping?

Any ETA to comment on the potential security issues Jacob
Appelbaum alerted us about?

Given I'm neither familiar with the code nor with the issues Jacob
reported, I'm not comfortable going the CVE / Debian bugs tagged
security way myself, but I strongly feel someone who cares about
Polipo should do something about it.

> Besides, our users have reported to us they could not download files
> bigger than chunkHighMark; is it expected? Fixed in Git? We've found
> a related bug report about it there:
> https://trac.torproject.org/projects/tor/ticket/1149


This is much less urgent, and should probably not block your
commenting upon the potential security issues.