[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#509063: Upstream bug about WPAD security issues

Andreas Rottmann wrote:
> As I discovered that libsoup SVN trunk has libproxy as an optional build
> dependency, I stumbled upon this ITP, and found out that upstream has
> been made aware of this issue:
> http://code.google.com/p/libproxy/issues/detail?id=21
> Based on that bug, I assume that a future release release will offer
> Debian these options:
> 1) Don't ship the offending plugin at all in a/the binary package, or
> 2) disable the use of the plugin via the default config file
> I think admins should be free (and in general are, FWIW ;-)) to shoot
> themselves and the users of the boxes they administer in the proverbial
> foot, so I'd suggest going with (2).
> However, I agree that until this "feature" can be reliably and
> mandatorily disabled by the admin (and is disabled by a stock Debian
> install), this package should not enter Debian.

The package is already in NEW with WPAD fallback disabled, see



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: