Bug#509063: Upstream bug about WPAD security issues

2009-03-24 Thread Emilio Pozuelo Monfort
Andreas Rottmann wrote:
 As I discovered that libsoup SVN trunk has libproxy as an optional build
 dependency, I stumbled upon this ITP, and found out that upstream has
 been made aware of this issue:
 
 http://code.google.com/p/libproxy/issues/detail?id=21
 
 Based on that bug, I assume that a future release will offer
 Debian these options:
 
 1) Don't ship the offending plugin at all in a/the binary package, or
 2) disable the use of the plugin via the default config file
 
 I think admins should be free (and in general are, FWIW ;-)) to shoot
 themselves and the users of the boxes they administer in the proverbial
 foot, so I'd suggest going with (2).
 
 However, I agree that until this feature can be reliably and
 mandatorily disabled by the admin (and is disabled by a stock Debian
 install), this package should not enter Debian.

The package is already in NEW with WPAD fallback disabled, see

http://svn.debian.org/viewsvn/pkg-gnome/packages/unstable/libproxy/debian/patches/50_px-wpad-fallback-env-var.patch?rev=18581&view=auto

Emilio





Bug#509063: Upstream bug about WPAD security issues

2009-03-23 Thread Andreas Rottmann

As I discovered that libsoup SVN trunk has libproxy as an optional build
dependency, I stumbled upon this ITP, and found out that upstream has
been made aware of this issue:

http://code.google.com/p/libproxy/issues/detail?id=21

Based on that bug, I assume that a future release will offer
Debian these options:

1) Don't ship the offending plugin at all in a/the binary package, or
2) disable the use of the plugin via the default config file

I think admins should be free (and in general are, FWIW ;-)) to shoot
themselves and the users of the boxes they administer in the proverbial
foot, so I'd suggest going with (2).

However, I agree that until this feature can be reliably and
mandatorily disabled by the admin (and is disabled by a stock Debian
install), this package should not enter Debian.

Regards, Rotty


