Secure testing team - Jan 2007 - r5271 - data/CVE

Author: enerv-guest
Date: 2007-01-16 15:20:10 +0100 (Tue, 16 Jan 2007)
New Revision: 5271

Modified:
   data/CVE/list
Log:
new squid issue.


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-01-16 08:14:08 UTC (rev 5270)
+++ data/CVE/list	2007-01-16 14:20:10 UTC (rev 5271)
@@ -1,3 +1,6 @@
+CVE-2007-XXXX [Denial of Service Vulnerabilities]
+	- squid 2.6.5-3 (low)
+	TODO: check if version 2.5.9-10sarge2 have comprimised code.
 CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer Overflow]
 	- libgtop2 (medium)
 	NOTE: All version prior 2.14.6 is vulnerable.

* Alex de Oliveira Silva:
> +CVE-2007-XXXX [Denial of Service Vulnerabilities]
> +	- squid 2.6.5-3 (low)
2.6.5-3 is a translation update.  Why do you think this version fixed
a security bug?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Florian Weimer escreveu:
> * Alex de Oliveira Silva:
>
>> +CVE-2007-XXXX [Denial of Service Vulnerabilities] +    - squid
>> 2.6.5-3 (low)
>
> 2.6.5-3 is a translation update.  Why do you think this version
> fixed a security bug?
>
I made a mistake.
Maye the commit r5275 solves the problem.

- --
   .''''`.
  : :'' :    Alex de Oliveira Silva | enerv
  `. `''     www.enerv.net
    `-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFrTC4arbczl+z12gRAmvsAKClg8/2hMZU1OOFal/2zwMXuMjrlwCdHa++
RFepRehy/vBZuT1Z+szBHn4=EaXY
-----END PGP SIGNATURE-----

* Alex de Oliveira Silva:
> Maye the commit r5275 solves the problem.
Yeah, makes much more sense.  I''ve fixed the remaining typo (and had a
brief look at the libgtop source code).