--- Begin Message ---
Hello.

While testing for CVE-2007-6239 I found a small memory leak introduced by
the ICAP patch as included in the Mandriva squid 2.6 package, taken from here:
<http://devel.squid-cache.org/cgi-bin/diff2/icap-2.6.patch>.

Although small, I could trigger a DoS with the same procedure which would
trigger a DoS for CVE-2007-6239 in ICAP-unpatched & unfixed Squid.

The fix for the leak can be found here:
<http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/squid/current/SOURCES/>

File 'squid-2.6.STABLE16-icap-fixleak.patch'.

I sure don't believe this is the better fix, but it was enough for us.

cya

--- End Message ---
