[Secure-testing-commits] r47175 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 17 15:44:40 UTC 2016


Author: carnil
Date: 2016-12-17 15:44:40 +0000 (Sat, 17 Dec 2016)
New Revision: 47175

Modified:
   data/CVE/list
Log:
Clarify note for one of the squid3 items

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-17 15:40:15 UTC (rev 47174)
+++ data/CVE/list	2016-12-17 15:44:40 UTC (rev 47175)
@@ -1,7 +1,9 @@
 CVE-2016-XXXX [Issue #2, cookie headers and other client-specific private infformation leak]
 	- squid3 <unfixed>
-	[jessie] - squid3 <not-affected> (Vulnerable code not present)
-	[wheezy] - squid3 <not-affected> (Vulnerable code not present)
+	[jessie] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
+	[wheezy] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
+	NOTE: Marked as not-affected, vulnerable vulnerability not present due to
+	NOTE: the collapsed_forwarding directive beeing added in 3.5.0.1 only
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch
 	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch (for squid-3.5 excluding 3.5.22)




More information about the Secure-testing-commits mailing list