[Secure-testing-commits] r47175 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 17 15:44:40 UTC 2016
Author: carnil
Date: 2016-12-17 15:44:40 +0000 (Sat, 17 Dec 2016)
New Revision: 47175
Modified:
data/CVE/list
Log:
Clarify note for one of the squid3 items
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-17 15:40:15 UTC (rev 47174)
+++ data/CVE/list 2016-12-17 15:44:40 UTC (rev 47175)
@@ -1,7 +1,9 @@
CVE-2016-XXXX [Issue #2, cookie headers and other client-specific private infformation leak]
- squid3 <unfixed>
- [jessie] - squid3 <not-affected> (Vulnerable code not present)
- [wheezy] - squid3 <not-affected> (Vulnerable code not present)
+ [jessie] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
+ [wheezy] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
+ NOTE: Marked as not-affected, vulnerable vulnerability not present due to
+ NOTE: the collapsed_forwarding directive beeing added in 3.5.0.1 only
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch (for squid-3.5 excluding 3.5.22)
More information about the Secure-testing-commits
mailing list