Re: Thoughts on CVE-2020-15049/squid3?
On Fri, Sep 25, 2020 at 10:39:25PM +0200, Markus Koschany wrote:
> Yes, I have done the backport already but I wanted to wait for the
> feedback of a user who reported another parsing issue in #965012. At the
> moment I believe the current header parsing is correct but I am still
> investigating why the reported problem exists in the first place. Since
> I have not received any other reports, it could be a server
> configuration issue. If I don't find the underlying problem this
> weekend, I will upload the new update to people.debian.org and send a
> RFT to debian-lts. I would appreciate testing and feedback from you and
> other contributors because the package is obviously still used by
> several users and companies but they don't seem to be subscribed to
That is good to know. I have restored the note in dla-needed.txt and
ela-needed.txt and also included the note from dla-needed.txt in the
ela-needed.txt entry for clarity.
Once you send the next RFT I will take a look.
Roberto C. Sánchez