<< 1. Februar 2010 | Home | 3. Februar 2010 >> | Kontakt

new polipo version

bug fix release

Christopher Davis released a new version for polipo. I made also an update for the FreeBSD port.


Polipo contains several security and 
stability fixes over 1.0.4.

31 January 2010: Polipo
  Cherry-picked fixes from 1.0.5
  * Fixed an integer overflow that may lead to a 
    crash (http://secunia.com/advisories/37607/).
    Discovered by Jeremy Brown. (CVE-2009-4413)
  * Fixed a crash that occurs when a server sends 
    a malformed Cache-Control: header (CVE-2009-3305).
    Patch from Stefan Fritsch.
  * Prevent an infinite loop when a bodyless 204 or 
    1xx response is encountered.
  * Don't crash when we get an error while waiting 
    for 100 continue status.