Hi all,
I'm using Squid 2.5.STABLE10, and since I can't afford to migrate to a
newer Squid release on my platform, I'd like to get a status on whether
this version of Squid is impacted by the CAN-2005-3258 vulnerability or not.
A patch for Squid 2.5.STABLE11 exists for this issue:
On Mon, 2 Jan 2006, Aurelien Foret wrote:
As far as I can see, the rfc1738_do_escape patch fixes some stuff in the
ftp_basehref patch itself, rather than flaws in Squid 2.5.STABLE10.
As a consequence, I wonder if the latter patch has introduced the
vulnerability or if it existed anyway.