reopen 534982 severity 534982 critical This bug has recently hit us hard resulting in repeated DoS of a production web service running on Debian Lenny.
What is the intended mitigation strategy for this DoS for users of Debian Stable who rely on Squid support for external_acl_type? For the time being I have had to rebuild appropriately patched squid packages for Lenny to guard against this. Since there will redoubtably be many production web servers running Debian that are vulnerable to CVE-2009-2855 the patch should be backported into the squid packages shipped with Lenny and released through the security repository. Thanks, Terry -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
