On Tue, 21 Jul 2015 16:52:18 +0200 Salvatore Bonaccorso wrote: > > [0] https://security-tracker.debian.org/tracker/CVE-2015-5400 > > Please adjust the affected versions in the BTS as needed.
In the tracker page I see a note that "squid" packages are not affected due to code not existing. This is incorrect. Squid-2 and earlier versions have the vulnerable logic in src/ssl.c with different symbol names. The function called sslProxyConnected() initiates sslSetSelect() instead of continuing on with logics to properly process the received response. Amos -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
