Hello On 2005-04-29 Luigi Gangitano wrote: > >> corporate/2.1/SRPMS/squid-2.4.STABLE7-2.6.C21mdk.src.rpm > >> md5sum: 715494248752557eb0b718f2a4dd34c9 > > > > ftp://ftp.gwdg.de/pub/linux/mandrake/official/updates/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.6.C21mdk.src.rpm > > Great! They didn't fix it (no post patch in it) and added the setcookie > patch that is not needed prior to 2.5.STABLE7. > > Still looking for a proof o concept to test the woody package.
I found the following sentence in the last changelog entry of the Mandriva package and think it's interesting for those watching this bug: * Wed Apr 27 2005 Stew Benedict <[EMAIL PROTECTED]> 2.4.STABLE7-2.6.C21mdk - CAN-2005-0718 - patch not relevant, segfault occurs in an unprotected call to clientProcessBody, which isn't used in 2.4.STABLE7 In this case I can sleep better although it would be nice if you could get this confirmed by the Squid developers. If you kindly ask they will probably even test their PoC exploit against a Debian server even if they do not want to release it to the public. bye, -christian- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]