Hello Henrik,
Thank you very much for your explanation.
Best Regards,
-- Balamurugan.
----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "Balamurugan" <bmurugan@visolve.com>
Cc: <squid-dev@squid-cache.org>
Sent: Thursday, October 20, 2005 2:13 AM
Subject: Re: Reg. Squid vulnerabilities
> On Wed, 19 Oct 2005, Balamurugan wrote:
>
>> I hope "storeBuffer() Denial of Service Vulnerability" has been fixed in
>> Squid-2.5.STABLE11.
>
> Yes.
>
>> Squid-2.5.STABLE11 was released before declaring the "NTLM Authentication
>> Handling Denial of Service vulnerability". But patch is available only
>> for Squid-2.5.STABLE10.
>
> Your dates are wrong. The patch was released long before 2.5.STABLE11.
>
> See http://www.squid-cache.org/Versions/v2/2.5/bugs/ for details. There
> you also find our descriptions of the issues mentioned.
>
>> Is Squid-2.5.STABLE11 also affected by this vulnerability? If so, any
>> patch is available for Squid-2.5.STABLE11?
>
> Both patches are included in 2.5.STABLE11.
>
> Every patch we publish is always included in the next release, and we
> never publish patches to an older release, only the current stable release
> at the time the patch is published.
>
> Regards
> Henrik
>
>
Received on Wed Oct 19 2005 - 21:29:35 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:07 MST