[Secure-testing-team] Bug#848491: squid3: SQUID-2016:10: Information disclosure n Collapsed Forwarding

Salvatore Bonaccorso Sat, 17 Dec 2016 07:51:43 -0800

Source: squid3
Version: 3.5.22-1
Severity: important
Tags: security upstream patch fixed-upstream


Hi

>From http://www.squid-cache.org/Advisories/SQUID-2016_10.txt

> Problem Description:
> 
>  Due to incorrect comparsion of request headers Squid can deliver
>  responses containing private data to clients it should not have
>  reached.

A CVE has been requested in 
http://www.openwall.com/lists/oss-security/2016/12/17/1

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

[Secure-testing-team] Bug#848491: squid3: SQUID-2016:10: Information disclosure n Collapsed Forwarding

Reply via email to