** Changed in: squid3 (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1473691
Title:
squid: Update to latest upstream release (3.5)
To manage notificati
I'm hoping to get squid updated in Xenial within the next two weeks.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1473691
Title:
squid: Update to latest upstream release (3.5)
To manage notificati
I will only add that even in the best of circumstances with perfect
firewalling, a low privilege sysadmin or helpdesk member/troubleshooter
could easily use this overflow as a hop to privilege escalation and/or
willful damage.
--
You received this bug notification because you are a member of Ubun
e-Vent, we rated this issue "low" because:
- snmp is not enabled by default
- squid's snmp listener can listen on specific interfaces
- local iptables / ufw rules probably already allow only specific services on
the hosts that run squid
- network firewalls / routers probably already allow only sp
I would not consider a buffer overflow and code execution as low
priority, especially when this program is likely to run on a firewall or
network gateway.
Is there a better timeline than when "we feel like there's a real issue"
we'll update? We are now 2 generations depreciated...
--
You receive