[Secure-testing-team] Bug#514142: squid: denial of service via crafted request
Steffen Joeris
steffen.joeris at skolelinux.de
Wed Feb 4 18:08:34 UTC 2009
Package: squid
Severity: grave
Tags: security
Justification: user security hole
Hi
A DoS issue has been reported[0] for squid. So far I cannot see the
vulnerable code in the stable release, but it would be nice, if you
could check that as well. Lenny seems to be affected and needs fixing.
I've just build updated packages for testing-security with the
upstream patch[1]. On a first glance, the patch looked ok. I'll need
to test the packages and do some further checking, but would appreciate
some comments.
Cheers
Steffen
[0]: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
[1]: http://klecker.debian.org/~white/squid/
More information about the Secure-testing-team
mailing list