package: pound
severity: important
tags: security

The current version of pound in Sarge (1.8.2) is a beta release with a buffer overflow issue. Pound 1.9 is the first non-beta release since Pound 1.8.

Changes in version 1.9:
- Added the VerifyList configuration flag (CA root certs + CRL)
- CRL checking code
- RewriteRedirect 2 - ignores port value for host matching
- Added -c flag (check-only mode)
- Added -v flag (verbose mode)
- Added -p flag for pid file name

Problems fixed:
- fixed a potential buffer overflow problem (in checking the Host header)
- added call to SSL_library_init
- added a check for MSIE before forcing SSL shutdown
- X-SSL-Cipher header is added only if HTTPSHeaders is non-zero
- added code for shorter linger on badly closed connections (IE work-around)
- fixed the locking for session checking (mutex_lock/unlock)