Package: squid3 Version: 3.0.PRE5-5 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for squid.
CVE-2009-0801[0]: | Squid, when transparent interception mode is enabled, uses the HTTP | Host header to determine the remote endpoint, which allows remote | attackers to bypass access controls for Flash, Java, Silverlight, and | probably other technologies, and possibly communicate with restricted | intranet sites, via a crafted web page that causes a client to send | HTTP requests with a modified Host header. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0801 http://security-tracker.debian.net/tracker/CVE-2009-0801 Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net
signature.asc
Description: This is a digitally signed message part.
