Date: Thu, 1 Oct 2015 07:52:25 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request: squid: Nonce replay vulnerability in Digest authentication Hello MITRE, Upstream fixed a security issue in digest_authentication  that can allow disabled user or users with changed password to access the squid service with old credentials. Upstream patch for Squid 3.4: http://bazaar.launchpad.net/~squid/squid/3.4/revision/13211 Upstream patch for Squid 3.5: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 : http://bugs.squid-cache.org/show_bug.cgi?id=4066 Can you please assign a CVE id to this issue? -- Huzaifa Sidhpurwala / Red Hat Product Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ