[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS Update: ports
- To: cvs@lists.cleannorth.org
- Subject: CVS Update: ports
- From: Dan Brosemer <odin@akbar.cleannorth.org>
- Date: Fri, 28 May 2004 1:34:36 ()
- List-help: <mailto:cvs-request@lists.cleannorth.org?subject=help>
- List-post: <mailto:cvs@lists.cleannorth.org>
- List-subscribe: <mailto:cvs-request@lists.cleannorth.org?subject=subscribe>
- List-unsubscribe: <mailto:cvs-request@lists.cleannorth.org?subject=unsubscribe>
- Reply-to: odin@akbar.cleannorth.org
- Resent-date: Fri, 28 May 2004 01:34:42 -0401 (EDT)
- Resent-from: cvs@lists.cleannorth.org
- Resent-message-id: <KpCS_B.A.Sb.I-stAB@mace.cleannorth.org>
- Resent-sender: cvs-request@lists.cleannorth.org
CVSROOT: /cvs Module name: ports Repository: ports/www/squid/patches/ Changes by: odin@akbar.cleannorth.org. 04/05/28 01:34:36 Modified files: ports/www/squid/: Makefile distinfo ports/www/squid/patches/: patch-configure_in Added files: ports/www/squid/patches/: gcc-patch-lib_Makefile_in Removed files: ports/www/squid/patches/: patch-lib_Makefile_in Log message: From OPENBSD_3_5 MFC: upgrade to Squid 2.5.STABLE5 + latest patches A bug in Squid that allows users to bypass certain access controls. Squid versions 2.5.STABLE4 and earlier contain a bug in the "%xx" URL decoding function. It may insert a NULL character into decoded URLs, which may allow users to bypass url_regex ACLs. http://www.squid-cache.org/Advisories/SQUID-2004_1.txt and Add 2 more distribution patches. One of them fixes an issue if using Digest authentication. Users can crash Squid with a segmentation fault simply by entering a blank user name.
- Prev by Date: CVS Update: ports
- Next by Date: CVS Update: ports
- Previous by thread: CVS Update: ports
- Next by thread: CVS Update: ports
- Index(es):