Bug#701123: squid-cgi: cachemgr.cgi crashes when passing password in form since applied, patch for CVE-2012-5643 and CVE-2013-0189
It seems library differences between 3.2+ and 3.1 caused this small piece to be missing from the 3.1 patch:

http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10486.patch

Amos

Bug#701123: squid-cgi: cachemgr.cgi crashes when passing password in form since applied, patch for CVE-2012-5643 and CVE-2013-0189
Hi Amos!

On Sun, Feb 24, 2013 at 01:22:48AM +1300, Amos Jeffries wrote:
> It seems library differences between 3.2+ and 3.1 caused this small piece to be missing from the 3.1 patch:
>
> http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10486.patch

Thank you for forwarding this, this fixes the mentioned problem.

Regards,
Salvatore

Bug#701123: squid-cgi: cachemgr.cgi crashes when passing password in form since applied patch for CVE-2012-5643 and CVE-2013-0189
Package: squid-cgi
Version: 3.1.20-2.1
Severity: important

Hi

(X-Debbugs-CC'ing Michael Stapelberg stapelb...@debian.org)

I noticed the following, but was not yet able to find the cause:

If one sets e.g.

    cachemgr_passwd secretpassword all

in /etc/squid3/squid.conf then passing the password in the form crashes cachemgr.cgi, the cgi script ends prematurely.

Reverting back to 3.1.20-2 with the same configuration, these requests work fine again and one can with the given password access the Cache Manager interface.

To reproduce I did a clean install in a virtual machine, and changed the cachemgr_passwd settings to restrict the access via a password.

Regards,
Salvatore