Package: squid
Version: 2.5.10-6
Severity: critical
Tags: security patch

Hi Luigi!

There is a new buffer overflow in Squid:

| ======================================================
| Candidate: CVE-2005-3258
| URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3258
| Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape
| 
| The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and
| earlier allows remote FTP servers to cause a denial of service
| (segmentation fault) via certain crafted responses.

(Please note the recent Mitre name change, vulnerabilities now have
the CVE prefix, not CAN any more).

In addition, I just noticed that in version 2.5.10-6 you added a
security patch 46-ntlm-scheme-assert.dpatch which is not actually
applied in 00list. Please add it. (One of the reasons why I hate
dpatch :-/ ).

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
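
A check for the situation reported above, where a patch file ships in the package but is never named in 00list. This is an added example, not part of the original message or of the squid or dpatch packaging. It assumes the usual `debian/patches` layout, one patch name per line in 00list, an optional `.dpatch` suffix, and `#` comments; the `44-`/`45-` file names in the demo are constructed.

```shell
#!/bin/sh
# Print every *.dpatch file in a patch directory that 00list never names.
# Assumptions (not from the original message): 00list holds one patch name
# per line, the ".dpatch" suffix is optional, and "#" starts a comment.
unlisted_dpatches() {
    dir=${1:-debian/patches}
    list="$dir/00list"
    [ -f "$list" ] || { echo "no 00list in $dir" >&2; return 2; }

    # Normalise 00list: drop comments, surrounding whitespace, the suffix,
    # and empty lines, so commented-out entries do not count as listed.
    listed=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' \
                 -e 's/[[:space:]]*$//' -e 's/\.dpatch$//' -e '/^$/d' "$list")

    missing=0
    for f in "$dir"/*.dpatch; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=$(basename "$f" .dpatch)
        if ! printf '%s\n' "$listed" | grep -Fxq -- "$name"; then
            printf '%s.dpatch\n' "$name"   # on disk but never applied
            missing=1
        fi
    done
    return "$missing"                      # 0 = all listed, 1 = some unlisted
}

# Constructed demo tree: three patches on disk, one only present as a comment.
demo=$(mktemp -d)
touch "$demo/44-example-a.dpatch" "$demo/45-example-b.dpatch" \
      "$demo/46-ntlm-scheme-assert.dpatch"
printf '%s\n' '44-example-a' '45-example-b.dpatch  # suffix is optional' \
       '# 46-ntlm-scheme-assert' > "$demo/00list"
unlisted_dpatches "$demo" || echo "unlisted patches found (status $?)" >&2
rm -rf "$demo"
```

Run from the top of an unpacked source package with no argument, the function checks `debian/patches`; a non-zero status makes it usable as a pre-upload gate.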
