e-Vent, we rated this issue "low" because: - snmp is not enabled by default - squid's snmp listener can listen on specific interfaces - local iptables / ufw rules probably already allow only specific services on the hosts that run squid - network firewalls / routers probably already allow only specific services on the networks that run squid
In general allowing untrusted access to SNMP is not a good idea regardless if this is fixed. We have limited resources and we have to prioritize the work we do accordingly. If you have the time and inclination to prepare and test a patch for this issue, we'd be happy to sponsor updates. See https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation for more details. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1473691 Title: squid: Update to latest upstream release (3.5) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1473691/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
