> Hi all,
> was anyone contacted by CERT regarding the vulnerability in the
> subject?
> http://www.kb.cert.org/vuls/id/MAPG-7MWGZF asserts that Squid is
> vulnerable and that they didn't get any answers from us..
>
> --
> /kinkie
>
It's a very old issue. With no clear-cut fix yet.
Robert Auger has been in communication for some time about this to core,
Henrik and I both responded. CERT themselves I have no record of direct
contact from.
We were asked explicitly not to jump the gun before this CERT announcement.
Now that it's out I suppose we can start discussing how or if to mitigate
the issue.
Henrik I get the idea maybe has knowledge of a patch to fix it. I have
some ideas on how to lock out attacks, but no code yet.
Amos
Received on Mon Feb 23 2009 - 22:32:34 MST