Am Dienstag 07 Oktober 2008 schrieb Devin Carraway: > ------------------------------------------------------------------------ > Debian Security Advisory DSA-1646-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Devin Carraway > October 07, 2008 http://www.debian.org/security/faq > ------------------------------------------------------------------------ > > Package : squid > Vulnerability : array bounds check > Problem type : remote > Debian-specific: no > CVE Id(s) : CVE-2008-1612 > > A weakness has been discovered in squid, a caching proxy server. The > flaw was introduced upstream in response to CVE-2007-6239, and > announced by Debian in DSA-1482-1. The flaw involves an > over-aggressive bounds check on an array resize, and could be > exploited by an authorized client to induce a denial of service > condition against squid.
It seems that in 2.6.5-6etch2 sources 59-dos-cache-update-2 is missing from debian/patches/00list and thus does not get applied when building the package. Is this on purpose? Amon Ott -- Amon Ott - m-privacy GmbH Am Köllnischen Park 1, 10179 Berlin Tel: +49 30 24342334 Fax: +49 30 24342336 Web: http://www.m-privacy.de Handelsregister: Amtsgericht Charlottenburg HRB 84946 Geschäftsführer: Dipl.-Kfm. Holger Maczkowsky, Roman Maczkowsky GnuPG-Key-ID: EA898571 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
