Re: Does anyone know anything about CERT Vulnerability note VU#435052?

From: Amos Jeffries <>
Date: Tue, 24 Feb 2009 11:31:53 +1300 (NZDT)

> Hi all,
> was anyone contacted by CERT regarding the vulnerability in the
> subject?
> asserts that Squid is
> vulnerable and that they didn't get any answers from us..
> --
> /kinkie

It's a very old issue. With no clear-cut fix yet.

Robert Auger has been in communication for some time about this to core,
Henrik and I both responded. CERT themselves I have no record of direct
contact from.

We were asked explicitly not to jump the gun before this CERT announcement.
Now that its out I suppose we can start discussing how or if to mitigate
the issue.

Henrik I get the idea maybe has knowledge of a patch to fix it. I have
some ideas on how to lock out attacks, but no code yet.

Received on Mon Feb 23 2009 - 22:32:34 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 24 2009 - 12:00:03 MST