Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 1 Oct 2015 07:52:25 +0530
From: Huzaifa Sidhpurwala <>
Subject: CVE Request: squid: Nonce replay vulnerability in Digest

Hello MITRE,

Upstream fixed a security issue in digest_authentication [1] that can
allow disabled user or users with changed password to access the squid
service with old credentials.
Upstream patch for Squid 3.4:
Upstream patch for Squid 3.5:


Can you please assign a CVE id to this issue?

Huzaifa Sidhpurwala / Red Hat Product Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ