Package: polipo
Version: 0.9.12-1
Severity: grave
Tags: security

Hi,
A vulnerability has been found in polipo that allows a remote attacker to crash the daemon via an overly large "Content-Length" header. The vulnerability is caused by connection->reqlen (in client.c: httpClientDiscardBody()) being a signed integer which can be overflowed, turning it into a negative value which later leads to a segmentation fault in the call to memmove.

If you fix this vulnerability please include the CVE id in your changelog entry, when one is assigned.

Please work with the security team to fix this vulnerability in the stable and oldstable releases.

For further information see:
http://www.exploit-db.com/exploits/10338
http://secunia.com/advisories/37607/

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
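Added example, not from the bug report and not polipo's own code: a bounds-checked Content-Length parser and a body-discard helper in C, showing the class of check that prevents a signed length from wrapping negative before it reaches memmove. Function names, the int-sized length and the buffer layout are assumptions for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Parse a decimal Content-Length value into an int.
 * Returns 0 on success, -1 on malformed input (empty, non-digit, sign)
 * or on a value that would not fit in an int. Accumulating digit by
 * digit with an explicit bound check means the length can never wrap
 * into a negative number the way an unchecked accumulation would. */
int parse_content_length(const char *s, int *out)
{
    int value = 0;
    if (s == NULL || out == NULL || *s == '\0')
        return -1;
    for (; *s != '\0'; s++) {
        if (*s < '0' || *s > '9')
            return -1;                 /* reject signs, spaces, garbage */
        int digit = *s - '0';
        if (value > (INT_MAX - digit) / 10)
            return -1;                 /* next step would overflow int */
        value = value * 10 + digit;
    }
    *out = value;
    return 0;
}

/* Remove the first min(len, used) body bytes from buf, which holds `used`
 * valid bytes. Returns the new count of bytes held in buf, or -1 on
 * invalid arguments (negative sizes are rejected up front, so the size
 * handed to memmove is always a genuine, non-negative remainder).
 * *remaining is set to the body bytes still to be discarded later. */
int discard_body(char *buf, int used, int len, int *remaining)
{
    if (buf == NULL || remaining == NULL || used < 0 || len < 0)
        return -1;
    int take = len < used ? len : used;
    memmove(buf, buf + take, (size_t)(used - take));
    *remaining = len - take;
    return used - take;
}

int main(void)
{
    int v;
    /* constructed header values: one in range, one just past INT_MAX */
    printf("2147483647 -> %d\n", parse_content_length("2147483647", &v));
    printf("2147483648 -> %d\n", parse_content_length("2147483648", &v));
    return 0;
}
```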