On 03/25/2012 08:49 AM, intrigeri wrote:
> Hi,
>
> intrigeri wrote (06 Jan 2012 15:53:31 GMT) :
>> Hi Juliusz,
>
>> I'm writing you on behalf of the Tails[0] development team.
>> We've been shipping Polipo for years in Tails.
>
>> We were alerted by Jacob Appelbaum about a few bugs in Polipo that
>> could have security consequences.
>
>> This warning came with a bunch of ideas and patches; not all are
>> complete but they may be of some interest to you; in case these
>> patches were never submitted to you, please find them attached to
>> this email.
>
>> We would be very interested to read your thoughts about the security
>> issues suggested by Jacob.
>
> Ping?
>
> Any ETA to comment on the potential security issues Jacob
> Appelbaum alerted us about?
>

Those issues are pretty old, I wouldn't be surprised if it was all dead
code by now.

> Given I'm neither familiar with the code nor with the issues Jacob
> reported, I'm not comfortable going the CVE / Debian bugs tagged
> security way myself, but I strongly feel someone who cares about
> Polipo should do something about it.
>
>> Besides, our users have reported to us they could not download files
>> bigger than chunkHighMark; is it expected? Fixed in Git? We've found
>> a related bug report about it there:
>> https://trac.torproject.org/projects/tor/ticket/1149
>
> This is much less urgent, and should probably not block your
> commenting upon the potential security issues.
>

I think this is actually equally as urgent. You can't use polipo to
download tails, right?

All the best,
Jacob