oss-sec mailing list archives
Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 11 Jul 2013 12:04:43 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/11/2013 08:53 AM, Raphael Geissert wrote:
Hi, Squid has released a security advisory[0]:Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests.[0]http://www.squid-cache.org/Advisories/SQUID-2013_2.txt Could a CVE id be assigned please? Thanks in advance. [CC'ing squid's security address so that they can include the id in the advisory once assigned] Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Please use CVE-2013-4115 for this issue. Squid people: can someone contact me about getting you guys CVEs in advance? It would make things easier for all concerned. https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJR3vO7AAoJEBYNRVNeJnmT3OUQAIvRTjkSXucBqPzUv8P6d9qy ke4lBrgo1IxwI17CAgCWWP612Ert2mkDsfKkqTDb/bttave6tvDL3RR54wMHYm/W SMNX8lKYD4vEpE9UlbLuz65LzBwMH5Uip7aR4FXLG2nFRCgAAN8W+NYunBh/BWaf e+m1RwA7SvlkgDMkZiZKAxLC2N0BCs9bkQ8NTyJ0n1jlWiWbV6hxZFLR+TQallAs UFXp15fkZB6IeFyG8bJ1t75CbFmtzHa49SRcOla13oV3Q/5pEJXEmmJk1BjH1pUY gIouzdVmtpdI2XqKG35ZVbzGi4KrJ9UIFCW7HG7p6CBYYPZKMB9tRh2Q3snSbonT 6nO+1wBEyALQjHJrBKw3goF3uSqMvhIO0x5H+VEIk7qw4jMBcxBCwIMR/O/l5o4G Ps6d3Z7YztWwof7wTlO82jnUnL0ELeWV1Hsh5vqjFfGNLPqQNOZWBqpdrqqyhbBW urmPNyoHhFq/YgxRcDi7FmLuM3jP9dqi/DfDhKWctc2IUBLp5hzaXf0CJ+k9NPZW M37XnNwfTgpGpToCFCjiIEZ0bZigrWZXHheKojnuc8JSTaPm0/yjnHhIWaIhNj6Z l/PaNCgufelRSv200kt+BaTMr6XFW3FrpZRxh32k/KnSY2Y2pm3wtaDIQgEMy87N cjszaeAyQimlgzYJ/t9m =bB3W -----END PGP SIGNATURE-----
Current thread:
- CVE request: SQUID-2013:2: buffer overflow in HTTP request handling Raphael Geissert (Jul 11)
- Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling Kurt Seifried (Jul 11)