On Wed, 19 Oct 2005, Balamurugan wrote:
> I hope "storeBuffer() Denial of Service Vulnerability" has been fixed in
> Squid-2.5.STABLE11.
Yes.
> Squid-2.5.STABLE11 was released before declaring the "NTLM Authentication
> Handling Denial of Service vulnerability". But patch is available only for
> Squid-2.5.STABLE10.
Your dates are wrong. The patch was released long before 2.5.STABLE11.
See http://www.squid-cache.org/Versions/v2/2.5/bugs/ for details. There
you also find our descriptions of the issues mentioned.
> Is Squid-2.5.STABLE11 also affected by this vulnerability? If so, any patch
> is available for Squid-2.5.STABLE11?
Both patches are included in 2.5.STABLE11.
Every patch we publish is always included in the next release, and we
never publish patches to an older release, only the current stable release
at the time the patch is published.
Regards
Henrik
Received on Wed Oct 19 2005 - 14:43:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:07 MST