From: Fabian K. <fab...@us...> - 2013-03-07 14:11:13
|
Update of /cvsroot/ijbswa/current In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv25516 Modified Files: ChangeLog Log Message: Add ChangeLog entry for enable-proxy-authentication-forwarding Index: ChangeLog =================================================================== RCS file: /cvsroot/ijbswa/current/ChangeLog,v retrieving revision 1.187 retrieving revision 1.188 diff -C2 -d -r1.187 -r1.188 *** ChangeLog 3 Mar 2013 11:25:16 -0000 1.187 --- ChangeLog 7 Mar 2013 14:11:10 -0000 1.188 *************** *** 9,12 **** --- 9,17 ---- could cause memory corruption in configurations that allowed the limit to be reached. + - Proxy authentication headers are removed unless the new directive + enable-proxy-authentication-forwarding is used. Forwarding the + headers potentionally allows malicious sites to trick the user + into providing it with login information. + Reported by Chris John Riley. - Compiles on OS/2 again now that unistd.h is only included on platforms that have it. |
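Review bot: In the added ChangeLog entry, "potentionally" should be "potentially", and "into providing it with login information" should read "providing them with", since the antecedent is the plural "malicious sites". The entry also records a change in default behaviour: proxy authentication headers are now removed unless enable-proxy-authentication-forwarding is used. Consider stating explicitly that setups which depend on those headers being forwarded have to enable the directive after upgrading, so the entry doubles as an upgrade note.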