Bug#: 190617
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Pierre-Yves Rofes <py@gentoo.org>

Description:   Opened: 2007-08-29 08:46 0000
A vulnerability has been reported in Polipo, which potentially can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error when handling POST
requests that were aborted by the server. This can be exploited to e.g. crash
the Polipo service by tricking a user into connecting to a malicious server.

The vulnerability is reported in versions prior to 1.0.2.

Note: This also fixes a crash when handling entities larger than 2 GB.

Solution:
Update to version 1.0.2.

------- Comment #1 From Pierre-Yves Rofes 2007-08-29 08:47:48 0000 -------
setting status / cc'ing. net-proxy, please provide updated ebuild.

------- Comment #2 From Alin Năstac 2007-08-29 09:01:04 0000 -------
Version 1.0.2 is now in the tree.

Arch teams, please test and mark it stable.

------- Comment #3 From Pierre-Yves Rofes 2007-08-29 09:10:43 0000 -------
great, thanks for the reactivity :)

------- Comment #4 From Angelo Arrifano 2007-08-31 23:41:03 0000 -------
net-proxy/polipo-1.0.2

1. Emerges on AMD64.
2. Collision with /usr/info/dir

------- Comment #5 From Alin Năstac 2007-09-01 06:26:57 0000 -------
Fixed in -r1. Now it installs man and info pages in /usr/share/man respectively
/usr/share/info. 

------- Comment #6 From Angelo Arrifano 2007-09-01 23:21:11 0000 -------
net-proxy/polipo-1.0.2

1. Emerges on AMD64.
2. No collisions
3. It's a very easy to configure http proxy server.
   Browsed some webpages through proxy using cache. All OK.

------- Comment #7 From Angelo Arrifano 2007-09-01 23:24:25 0000 -------
net-proxy/polipo-1.0.2-r1

1. Emerges on AMD64.
2. No collisions
3. It's a very easy to configure http proxy server.
   Browsed some webpages through proxy using cache. All OK.

PS: The test was on r1. Sorry!

------- Comment #8 From Christoph Mende 2007-09-01 23:51:37 0000 -------
amd64 stable

------- Comment #9 From Christian Faulhammer 2007-09-02 20:42:44 0000 -------
x86 stable, last arch, GLSA voting now open

------- Comment #10 From Pierre-Yves Rofes 2007-09-03 07:57:28 0000 -------
thanks Christian.
I tend to vote NO.

------- Comment #11 From Sune Kloppenborg Jeppesen 2007-09-08 15:49:18 0000 -------
Voting NO.

------- Comment #12 From Matt Drew 2007-09-09 22:34:21 0000 -------
I vote no, kick it to the curb.

------- Comment #13 From Sune Kloppenborg Jeppesen 2007-09-10 06:23:10 0000 -------
Closing without GLSA.
