oss-sec mailing list archives
Re: CVE Request -- Squid -- SQUID-2010_1.txt
From: Josh Bressers <bressers () redhat com>
Date: Mon, 1 Feb 2010 16:09:46 -0500 (EST)
----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:
Hi Josh, Steve, vendors, Squid upstream has released updated versions fixing DoS when processing specially crafted DNS packets [1]. From the upstream advisory: "This problem allows any trusted client or external server who can determine the squid receiving port to perform a short-term denial of service attack on the Squid service." Could you allocate a CVE id for this? (can't find one in SQUID-2010_1.txt). Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team [1] http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
Please use CVE-2010-0308 for this. Thanks. -- JB
Current thread:
- CVE Request -- Squid -- SQUID-2010_1.txt Jan Lieskovsky (Feb 01)
- <Possible follow-ups>
- Re: CVE Request -- Squid -- SQUID-2010_1.txt Josh Bressers (Feb 01)