attached mail follows:
Hello.
While testing for CVE-2007-6239 I found a small memory leak introduced by
the ICAP patch as included in the Mandriva squid 2.6 package, taken from here:
<http://devel.squid-cache.org/cgi-bin/diff2/icap-2.6.patch>.
Although small, I could trigger a DoS with the same procedure which would
trigger a DoS for CVE-2007-6239 in ICAP-unpatched & unfixed Squid.
The fix for the leak can be found here:
<http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/squid/current/SOURCES/>
File 'squid-2.6.STABLE16-icap-fixleak.patch'.
I sure don't believe this is the better fix, but it was enough for us.
cya
This archive was generated by hypermail pre-2.1.9 : Wed Jan 30 2008 - 12:00:09 MST