Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Sep 2014 09:16:35 +0200
From: Sebastian Krahmer <>
Subject: Re: CVE-Request: squid pinger remote DoS

On Tue, Sep 16, 2014 at 02:56:30AM -0400, wrote:
> Hash: SHA1
> > I made a fix for squid 3.4.6 and request a CVE
> >
> Regardless of the "what happens to squid itself" answer, is it known
> that the crash has a security impact? This message seemed to conclude

Well, in any case whether its restarted or not, it should be fixed.
For me its a remote DoS, its your decision if it qualifies for a CVE.
The indexing bug is the "real issue" whereas the others IMHO qualify
as hardening and only produce junk-packets or fake logs if exploited.



~ perl
~ $_='print"\$_=\47$_\47;eval"';eval
~ - SuSE Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ