[Bug 211355] libfetch is vulnerable to httpoxy
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jul 25 06:15:53 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211355
Xin LI <delphij at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |delphij at FreeBSD.org,
| |security-officer at FreeBSD.or
| |g
Assignee|freebsd-bugs at FreeBSD.org |des at FreeBSD.org
--- Comment #1 from Xin LI <delphij at FreeBSD.org> ---
Over to maintainer for triage.
Note that fixing this would break some other applications (assuming we decided
to permanently disallow HTTP_PROXY environment), personally I think it's better
solved at Web server level, as it seems to be no legitimate reason to allow a
remote user to specify proxy server.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list