>>>>> On Wed, 31 Jul 2002 23:31:38 +0300 >>>>> "Alexander" == Alexander Dudko <[EMAIL PROTECTED]> wrote: Alexander> Alexander> :-) Alexander> Хотя это уже оффтопик.... Alexander> Alexander> Возьмем, например, squid. Alexander> Согласно данным www.debian.org: Alexander> Debian package search results Alexander> .... Alexander> stable Alexander> squid 2.4.6-2 (667.7k) Alexander> Internet Object Cache (WWW proxy cache) Alexander> Alexander> unstable Alexander> squid 2.4.7-1 (669.3k) Alexander> Internet Object Cache (WWW proxy cache) Alexander> Alexander> Смотрим отличия 2.4.7 от 2.4.7 на www.squid-cache.org: Alexander> + - Squid now drops any requests using transfer-encoding. Alexander> + Squid is a HTTP/1.0 proxy and as such do not support Alexander> + the use of transfer-encoding. Alexander> + - The MSNT auth helper has been updated to v2.0.3+fixes for Alexander> + buffer overflow security issues found in this helper. Alexander> + - A security issue in how Squid forwards proxy authentication Alexander> + credentials has been fixed Alexander> + - Minor changes to support Apple MAC OS X and some other Alexander> platforms Alexander> + more easily. Alexander> + - The client -T option has been implemented Alexander> + - HTCP related bugfixes in "squid -k reconfigure" Alexander> + - Several bugfixes and cleanup of the Gopher client, both Alexander> + to correct some security issues and to make Squid properly Alexander> + render certain Gopher menus. Alexander> + - FTP data channels are now sanity checked to match the address Alexander> of Alexander> + the requested FTP server. This to prevent theft or injection Alexander> of Alexander> + data. See the new ftp_sanitycheck directive if this is not Alexander> desired. Alexander> + - Security fixes in how Squid parses FTP directory listings into Alexander> HTML. Alexander> Alexander> Вот теперь любители stable, объясните мне, руководствуюсь какими Alexander> соображениями я должен оставить на машине с реальным ip старую версию Alexander> squid.
потому что squid (2.4.6-2) testing-security; urgency=high * Upload to woody-proposed-updates because of security issues. * There is a buffer overflow in the ftp and gopher code. Fixed by: o squid-2.4.STABLE6-ftp_directories.patch o squid-2.4.STABLE6-gopher.patch * The squid FTP client wasn't secure wrt control and datachannels. It now checks that they come from the same address. Fixed by: o squid-2.4.STABLE6-ftp_sanitycheck.patch * Sometimes squid forwarded proxy-auth to remote HTTP servers. Fixed by: o squid-2.4.STABLE6-proxy_auth.patch * Move examples back to /usr/share/doc/squid/examples (fixes: #151657). -- Miquel van Smoorenburg <[EMAIL PROTECTED]> Thu, 4 Jul 2002 13:03:55 +0200 Alexander> Я полностью согласен, что на десктоп лучше всего stable. Но на прокси Тут вот как раз многие не согласятся. Alexander> корпоративной сети - только unstable. Или компилировать новые пакеты Как бы это выразиться... более... /странной/... я попросту не припомню... Alexander> самому, как я и поступал, до того как поставил Debian. Я не могу ждать Alexander> пока "Security fixes..." войдет в stable. Вы смотрели не в ту сторону. -- Alexander Kotelnikov Saint-Petersburg, Russia