On Mon, 2 Jan 2006, Aurelien Foret wrote:
> As far as I can see, the rfc1738_do_escape patch fixes some stuffs in the
> ftp_basehref patch itself, rather than flaws in squid 2.5.STABLE10.
> As a consequence, I wonder if the latter patch has introduced the
> vulnerability or if it was existing anyway.
Seems right to me. But I have not tested 2.5.STABLE10 explicitly to
verify.
Regards
Henrik
Received on Mon Jan 02 2006 - 14:20:28 MST
This archive was generated by hypermail pre-2.1.9 : Fri Jan 27 2006 - 12:00:02 MST