Date: Thu, 11 Jul 2013 12:04:43 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Raphael Geissert <geissert@...ian.org>, squid-bugs@...id-cache.org,
        info@...id-cache.org
Subject: Re: CVE request: SQUID-2013:2: buffer overflow in
 HTTP request handling

On 07/11/2013 08:53 AM, Raphael Geissert wrote:
> Hi,
> 
> Squid has released a security advisory[0]:
>> Due to incorrect data validation Squid is vulnerable to a buffer 
>> overflow attack when processing specially crafted HTTP requests.
> 
> [0]http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
> 
> Could a CVE id be assigned please?
> 
> Thanks in advance.
> 
> [CC'ing squid's security address so that they can include the id
> in the advisory once assigned]
> 
> Cheers, -- Raphael Geissert - Debian Developer www.debian.org -
> get.debian.net
> 

Please use CVE-2013-4115 for this issue.

Squid people: can someone contact me about getting you guys CVEs in
advance? It would make things easier for all concerned.

https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
