On Thu, Mar 06, 2014 at 02:02:38PM +0800, Rolf Leggewie wrote: > apart from the patch for CVE-2011-3596
On Sat, Jan 11, 2014 at 01:11:02AM +0100, Juliusz Chroboczek wrote: > > commit 0e2b44af619e46e365971ea52b97457bc0778cd3 > > Author: Christopher Davis <[email protected]> > > Date: Mon Jan 11 18:55:41 2010 -0800 > > That's full of bugs. Out of curiosity, why are you keeping a patch which is considered "full of bugs" by upstream? Note that Debian picked the patch from the Redhat bugtracker: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644289#15 But Redhat has been much more conservative since they prefered to leave the bug open rather than applying a patch refused by upstream: https://bugzilla.redhat.com/show_bug.cgi?id=742891#c6 Is this CVE so serious that it is worse introducing bugs? Best, -- Gabriel ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ Polipo-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/polipo-users
