-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
notfound 334882 2.5.10-6
notfound 334882 2.5.9-10sarge2
thanks
Hi Martin,
thanks for reporting this. Actually this bug was introduced in a
patch to squid-2.5.STABLE10 that has never been applied to a Debian
package. So Debian is not affected. I did not upload any package
based on squid-2.5.STABLE11 since upstream stated that this release
is known to be badly broken.
I just fixed the missing patch for the previous bug and will upload
it shortly.
Regards,
L
On 20 Oct 05, at 15:42, Martin Pitt wrote:
Package: squid
Version: 2.5.10-6
Severity: critical
Tags: security patch
Hi Luigi!
There is a new buffer overflow in Squid:
| ======================================================
| Candidate: CVE-2005-3258
| URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3258
| Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape
|
| The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and
| earlier allows remote FTP servers to cause a denial of service
| (segmentation fault) via certain crafted responses.
(Please note the recent Mitre name change, vulnerabilities now have
the CVE prefix, not CAN any more).
In addition, I just noticed that in version 2.5.10-6 you added a
security patch 46-ntlm-scheme-assert.dpatch which is not actually
applied in 00list. Please add it. (One of the reasons why I hate
dpatch :-/ ).
- --
Luigi Gangitano -- <[EMAIL PROTECTED]> -- <[EMAIL PROTECTED]>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFDWCOK8ZumGJJMDCYRAkl8AJ4+q4bO6tuqooGurq+jFS4atHHadwCdEj13
b1DFe5tCKz1i0OepEwxbuU8=
=VAxc
-----END PGP SIGNATURE-----
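
The 00list problem raised in the report (a security patch shipped in the source package but never applied) can be caught mechanically. The script below is an added example, not part of the original messages or of the squid packaging. It assumes that 00list holds one patch name per line, that the `.dpatch` suffix is optional there, and that `#` starts a comment; the function name and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report *.dpatch files that exist in a patches directory
# but are not named in its 00list, i.e. patches that ship unapplied.
# Assumptions: one name per line in 00list, ".dpatch" suffix optional,
# "#" begins a comment.

unlisted_dpatches() {
    dir=$1
    list=$dir/00list
    [ -f "$list" ] || { echo "no 00list in $dir" >&2; return 2; }
    # Normalise 00list: drop comments, whitespace, blank lines, suffix.
    listed=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' \
                 -e 's/\.dpatch$//' "$list")
    missing=0
    for f in "$dir"/*.dpatch; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=$(basename "$f" .dpatch)
        # Exact, fixed-string match against the normalised list.
        if ! printf '%s\n' "$listed" | grep -qxF -- "$name"; then
            echo "$name"
            missing=1
        fi
    done
    return $missing                      # 1 if any patch is unlisted
}

# Constructed sample tree mirroring the situation in the report: the
# patch file is present, but 00list does not name it.
demo() {
    d=$(mktemp -d)
    : > "$d/45-constructed-earlier-fix.dpatch"
    : > "$d/46-ntlm-scheme-assert.dpatch"
    printf '%s\n' '# constructed 00list' \
        '45-constructed-earlier-fix' > "$d/00list"
    unlisted_dpatches "$d" || echo "^ present but not listed in 00list"
    rm -rf "$d"
}
demo
```

Run against a real source tree by calling `unlisted_dpatches debian/patches`; a non-zero exit status makes it usable as a pre-upload check.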