oss-sec mailing list archives
Re: CVE id request: squid
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 1 Apr 2008 12:13:22 -0400 (EDT)
Notice the reference to oss-security :) - Steve ====================================================== Name: CVE-2008-1612 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612 Reference: MISC:http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2007_2.txt Reference: MLIST:[oss-security] 20080401 CVE id request: squid Reference: URL:http://www.openwall.com/lists/oss-security/2008/04/01/5 Reference: MLIST:[squid-announce[ 20080322 Advisory Squid-2007:2 updated Reference: URL:http://marc.info/?l=squid-announce&m=120614453813157&w=2 The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Current thread:
- CVE id request: squid Tomas Hoger (Apr 01)
- Re: CVE id request: squid Steven M. Christey (Apr 01)