Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/11/2013 08:53 AM, Raphael Geissert wrote:
> Hi,
>
> Squid has released a security advisory[0]:
> > Due to incorrect data validation Squid is vulnerable to a buffer 
> > overflow attack when processing specially crafted HTTP requests.
>
> [0]http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
>
> Could a CVE id be assigned please?
>
> Thanks in advance.
>
> [CC'ing squid's security address so that they can include the id
> in the advisory once assigned]
>
> Cheers, -- Raphael Geissert - Debian Developer www.debian.org -
> get.debian.net

Please use CVE-2013-4115 for this issue.

Squid people: can someone contact me about getting you guys CVEs in
advance? It would make things easier for all concerned.

https://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR3vO7AAoJEBYNRVNeJnmT3OUQAIvRTjkSXucBqPzUv8P6d9qy
ke4lBrgo1IxwI17CAgCWWP612Ert2mkDsfKkqTDb/bttave6tvDL3RR54wMHYm/W
SMNX8lKYD4vEpE9UlbLuz65LzBwMH5Uip7aR4FXLG2nFRCgAAN8W+NYunBh/BWaf
e+m1RwA7SvlkgDMkZiZKAxLC2N0BCs9bkQ8NTyJ0n1jlWiWbV6hxZFLR+TQallAs
UFXp15fkZB6IeFyG8bJ1t75CbFmtzHa49SRcOla13oV3Q/5pEJXEmmJk1BjH1pUY
gIouzdVmtpdI2XqKG35ZVbzGi4KrJ9UIFCW7HG7p6CBYYPZKMB9tRh2Q3snSbonT
6nO+1wBEyALQjHJrBKw3goF3uSqMvhIO0x5H+VEIk7qw4jMBcxBCwIMR/O/l5o4G
Ps6d3Z7YztWwof7wTlO82jnUnL0ELeWV1Hsh5vqjFfGNLPqQNOZWBqpdrqqyhbBW
urmPNyoHhFq/YgxRcDi7FmLuM3jP9dqi/DfDhKWctc2IUBLp5hzaXf0CJ+k9NPZW
M37XnNwfTgpGpToCFCjiIEZ0bZigrWZXHheKojnuc8JSTaPm0/yjnHhIWaIhNj6Z
l/PaNCgufelRSv200kt+BaTMr6XFW3FrpZRxh32k/KnSY2Y2pm3wtaDIQgEMy87N
cjszaeAyQimlgzYJ/t9m
=bB3W
-----END PGP SIGNATURE-----