Hi all,
There apparently was a CVE assigned some time ago but I cannot seem to
find it being addressed.
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt
The crux of the problem is that privileges are not dropped and could be
re-acquired. There is even a warning against running squid as root but
if root is one function call away, it seems it's the same.
Any thoughts on this?
Thanks,
Adam
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
