Um, want to bet? (All right, its not vunerable to anything but the SNMP DoS,
and that's disabled by default)
However I am yet to actually see 2.2.5-4 avaliable via apt-get :-\
Changes:
squid (2.2.5-4) stable; urgency=medium
.
* Upload to address the problems as identified in the 2.4 series.
o ftp://user@pass overflow: not vulnerable
o HTCP cannot be turned off if compiled in: not vulnerable, the debian
package has had the "turn off HTCP" patch for ages
o SNMP memory leak potential DOS: applied patch for squid 2.4.STABLE3
Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874
"It's the smell! If there is such a thing." Agent Smith - The Matrix
----- Original Message -----
From: "Wichert Akkerman" <[EMAIL PROTECTED]>
To: "Philipe Gaspar" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, February 22, 2002 5:11 AM
Subject: Re: Squid HTTP Proxy Security Update
> Previously Philipe Gaspar wrote:
> > Is the Squid Version 2.2.STABLE5 on Debian potato vulnerable?
>
> No.
>
> Wichert.
>
> --
> _________________________________________________________________
> [EMAIL PROTECTED] This space intentionally left occupied \
> | [EMAIL PROTECTED] http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
>
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
