On Thu, December 1, 2016 5:07 am, Jeremie Courreges-Anglas wrote:
> Jeremie Courreges-Anglas <j...@wxcvbn.org> writes:
>> trondd <tro...@kagu-tsuchi.com> writes:
>>> Update links+ to 2.14
>>> Fixes some security related issues:
>>> * Limit keepalive of ciphers with 64-bit block size to mitigate
>>> the SWEET32 attack
>>> * Improved tor hardening - when the user toggles the "Only Proxies"
>>> option
>>> (i.e. when connecting to tor), we reset certain other options to their
>>> default values, so that it is not possible to identify user behind tor
>>> based on the selected options.
>>> * Security bug fixed: Don't load or render the content of
>>> "407 Proxy Authentication Required" reply when using https proxy.
>>> This avoids the FalseCONNECT attack.
>>> Also, don't allow 401 and 407 responses to set cookies.
>> Should this be backported to -stable?
> It appears so, as discussed with Tim.  Could someone give this a shot
> on -stable?  Please include the output of
> ''make port-lib-depends-check''.

I built it on -stable last night, but with my own diff.  It built and ran
without X.  I won't have access to a -stable system with X until later
today.  I don't recall any problem with lib-depends-check.  I can run your
diff on another non-gui -stable right now and double check the depends.


Reply via email to