On 12/08/20 9:24 am, Simon Deziel wrote: > Hello, > > I noticed that CVE-2019-12522 [*] was not yet fixed. I could confirm the > saved UID is indeed 0 (root) on a Ubuntu 20.04.1 machine (5.4 kernel) so > I was wondering if a fix was on the way. Thanks >
We do not have an ETA on this issue. Risk is relatively low and several features of Squid require the capability this allows in order to reconfigure. So we will not be implementing the quick fix of fully dropping root. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
