[Secure-testing-team] Bug#848491: squid3: SQUID-2016:10: Information disclosure n Collapsed Forwarding
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 17 15:47:23 UTC 2016
Source: squid3
Version: 3.5.22-1
Severity: important
Tags: security upstream patch fixed-upstream
Hi
>From http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
> Problem Description:
>
> Due to incorrect comparsion of request headers Squid can deliver
> responses containing private data to clients it should not have
> reached.
A CVE has been requested in http://www.openwall.com/lists/oss-security/2016/12/17/1
Regards,
Salvatore
More information about the Secure-testing-team
mailing list