Luigi Gangitano wrote:
> An updated package is building right now for etch/sid.
>
> Security Team, please notice that squid-2.5.9 which is shipped with
> sarge is not vulnerable, since:
> - - the ftp bug (SA23767) was introduced by a patch added in squid-2.5-
> STABLE11, see
> http://www.squid-cache.org/bugs/show_bug.cgi?id=1857
> - - the external-acl was introduced during the squid-2.6 development,
> see http://www.squid-cache.org/bugs/show_bug.cgi?id=1848
>
> If needed, I can help preparing a 'not vulnerable' advisory for these
> bugs.
Thanks for keeping us posted. I added this information to the Debian
Security Tracker.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
