Hello

On 2005-04-29 Luigi Gangitano wrote:
> >>    corporate/2.1/SRPMS/squid-2.4.STABLE7-2.6.C21mdk.src.rpm
> >>    md5sum: 715494248752557eb0b718f2a4dd34c9
> >
> > ftp://ftp.gwdg.de/pub/linux/mandrake/official/updates/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.6.C21mdk.src.rpm
> 
> Great! They didn't fix it (no post patch in it) and added the setcookie
> patch that is not needed prior to 2.5.STABLE7.
> 
> Still looking for a proof of concept to test the woody package.

I found the following sentence in the last changelog entry of the Mandriva
package and think it's interesting for those watching this bug:

  * Wed Apr 27 2005 Stew Benedict <[EMAIL PROTECTED]>
    2.4.STABLE7-2.6.C21mdk
    - CAN-2005-0718 - patch not relevant, segfault occurs in an unprotected
      call to clientProcessBody, which isn't used in 2.4.STABLE7

In this case I can sleep better although it would be nice if you could get
this confirmed by the Squid developers. If you kindly ask they will probably
even test their PoC exploit against a Debian server even if they do not want
to release it to the public.

bye,

-christian-

