[Secure-testing-team] Bug#848493: squid3: SQUID-2016:11: Information disclosure in HTTP Request processing
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 17 15:53:59 UTC 2016
Source: squid3
Version: 3.4.8-6
Severity: important
Tags: security upstream patch fixed-upstream
Hi
>From http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
> Problem Description:
>
> Due to incorrect HTTP conditional request handling Squid can
> deliver responses containing private data to clients it should
> not have reached.
A CVE has been requested in http://www.openwall.com/lists/oss-security/2016/12/17/1
Regards,
Salvatore
More information about the Secure-testing-team
mailing list