Re: Squid HTTP Proxy Security Update
Um, want to bet? (All right, its not vunerable to anything but the SNMP DoS,
and that's disabled by default)
However I am yet to actually see 2.2.5-4 avaliable via apt-get :-\
Changes:
squid (2.2.5-4) stable; urgency=medium
.
* Upload to address the problems as identified in the 2.4 series.
o ftp://user@pass overflow: not vulnerable
o HTCP cannot be turned off if compiled in: not vulnerable, the debian
package has had the "turn off HTCP" patch for ages
o SNMP memory leak potential DOS: applied patch for squid 2.4.STABLE3
Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: andrewt@cnl.com.au
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874
"It's the smell! If there is such a thing." Agent Smith - The Matrix
----- Original Message -----
From: "Wichert Akkerman" <wichert@wiggy.net>
To: "Philipe Gaspar" <kr0n@uol.com.br>
Cc: <debian-security@lists.debian.org>
Sent: Friday, February 22, 2002 5:11 AM
Subject: Re: Squid HTTP Proxy Security Update
> Previously Philipe Gaspar wrote:
> > Is the Squid Version 2.2.STABLE5 on Debian potato vulnerable?
>
> No.
>
> Wichert.
>
> --
> _________________________________________________________________
> /wichert@wiggy.net This space intentionally left occupied \
> | wichert@deephackmode.org http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>
>
Reply to: