On Tue, 13 Oct 2009 00:41:36 +0200, Henrik Nordstrom <hen...@henriknordstrom.net> wrote:
> Not sure. Imho it's one of those small things that is very questionable
> if it should have got a CVE # to start with.
>
> For example RedHat downgraded the issue to low/low (lowest possible
> rating) once explained what it really was about.
>
> But we should probably notify CVE that the bug has been fixed.

Okay, I've asked the Debian reporter for access to details. Lacking clear evidence of remote exploit I'll follow along with the quiet approach.

The CVE has reference to our bugs which are clearly closed. If there is more to be done to notify anyone can you let me know what that is please? The other CVEs from this year are in similar states of questionable open/closed-ness.

Amos

>
> On Tue 2009-10-13 at 11:14 +1300, Amos Jeffries wrote:
>> Are we going to acknowledge this vulnerability with a SQUID:2009-N alert?
>> The reports seem to indicate it can be triggered remotely by servers.
>>
>> It was fixed during routine bug closures a while ago so we just need to
>> wrap up an explanation and announce the fixed releases.
>>
>> Amos