I am the upstream author, and I can confirm this issue.
However, please keep in mind that Polipo is also vulnerable (by
design) to a number of DoS attacks from users. Allowing Polipo to be
used by untrusted users is not recommended in any case.
Juliusz
Package: polipo
Severity: important
Tags: security
polipo 0.9.9 fixes an unspecified security problem that permits attackers
to read files outside of the web root directory.
Please mention the CVE assignment (CAN-2005-3163) when fixing this issue.
Cheers,
Moritz
-- System Information:
D
2 matches
Mail list logo