[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA-1646-1] New squid packages fix array bounds check

On 2008-10-08, Amon Ott <ao@m-privacy.de> wrote:
> Am Dienstag 07 Oktober 2008 schrieb Devin Carraway:
>> ------------------------------------------------------------------------
>> Debian Security Advisory DSA-1646-1                  security@debian.org
>> http://www.debian.org/security/                           Devin Carraway
>> October 07, 2008                      http://www.debian.org/security/faq
>> ------------------------------------------------------------------------
>> Package        : squid
>> Vulnerability  : array bounds check
>> Problem type   : remote
>> Debian-specific: no
>> CVE Id(s)      : CVE-2008-1612
>> A weakness has been discovered in squid, a caching proxy server.  The
>> flaw was introduced upstream in response to CVE-2007-6239, and
>> announced by Debian in DSA-1482-1.  The flaw involves an
>> over-aggressive bounds check on an array resize, and could be
>> exploited by an authorized client to induce a denial of service
>> condition against squid.
> It seems that in 2.6.5-6etch2 sources 59-dos-cache-update-2 is missing from 
> debian/patches/00list and thus does not get applied when building the 
> package. Is this on purpose?

An updated update is already in preparation.


Reply to: