Back to bug 1329136
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-04-21 09:39:22 UTC | Alias | SQUID-2016:6 | |
| Andrej Nemec | 2016-04-21 09:46:03 UTC | Blocks | 1329143 | |
| Andrej Nemec | 2016-04-21 09:47:08 UTC | Depends On | 1329144 | |
| Salvatore Bonaccorso | 2016-04-23 06:03:14 UTC | CC | carnil | |
| Cedric Buissart | 2016-04-26 10:27:51 UTC | Whiteboard | impact=moderate,public=20160420,reported=20160420,source=internet,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/squid=affected,rhel-5/squid=notaffected,rhel-6/squid=affected,rhel-7/squid=affected | impact=moderate,public=20160420,reported=20160420,source=internet,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/squid=affected,rhel-5/squid=notaffected,rhel-6/squid=affected,rhel-6/squid34=affected,rhel-7/squid=affected |
| Cedric Buissart | 2016-04-26 13:45:42 UTC | Depends On | 1330572 | |
| Cedric Buissart | 2016-04-26 13:45:47 UTC | Depends On | 1330573 | |
| Cedric Buissart | 2016-04-26 13:45:51 UTC | Depends On | 1330574 | |
| Cedric Buissart | 2016-04-26 13:45:57 UTC | Depends On | 1330575 | |
| Cedric Buissart | 2016-04-26 13:46:01 UTC | Depends On | 1330576 | |
| Cedric Buissart | 2016-04-26 13:46:07 UTC | Depends On | 1330577 | |
| Cedric Buissart | 2016-04-29 10:53:24 UTC | Doc Text | Buffer overflow and input validation flaws were found in the way Squid processes ESI responses. If Squid is used as a reverse-proxy, a remote attacker able to control ESI components on a HTTP server could exploit these flaws to perform a denial of service, disclose parts of the stack memory, or, possibly, execute arbitrary code. | |
| Cedric Buissart | 2016-05-03 08:55:40 UTC | CC | cbuissar | |
| Martin Prpič | 2016-05-05 08:15:25 UTC | Doc Text | Buffer overflow and input validation flaws were found in the way Squid processes ESI responses. If Squid is used as a reverse-proxy, a remote attacker able to control ESI components on a HTTP server could exploit these flaws to perform a denial of service, disclose parts of the stack memory, or, possibly, execute arbitrary code. | Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse-proxy, a remote attacker able to control ESI components on a HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code. |
| Martin Prpič | 2016-05-05 08:19:24 UTC | Doc Text | Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse-proxy, a remote attacker able to control ESI components on a HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code. | Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. |
| Luboš Uhliarik | 2016-05-10 23:46:00 UTC | Status | NEW | MODIFIED |
| Tomas Hoger | 2016-05-11 06:54:36 UTC | Status | MODIFIED | NEW |
| Cedric Buissart | 2016-05-19 14:18:41 UTC | Doc Text | Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. | Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. |
| Eric Christensen | 2016-05-24 14:15:27 UTC | CC | sparks | |
| Eric Christensen | 2016-06-07 22:15:44 UTC | CC | sparks | |
| Cedric Buissart | 2016-06-09 12:44:05 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-06-09 08:44:05 UTC | |||
| Branislav Náter | 2016-06-24 10:18:57 UTC | CC | bnater | |
| Flags | needinfo?(cbuissar) | |||
| Cedric Buissart | 2016-06-24 13:11:51 UTC | Flags | needinfo?(cbuissar) | |
| Product Security DevOps Team | 2019-09-29 13:47:33 UTC | Whiteboard | impact=moderate,public=20160420,reported=20160420,source=internet,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-20,fedora-all/squid=affected,rhel-5/squid=notaffected,rhel-6/squid=affected,rhel-6/squid34=affected,rhel-7/squid=affected |
Back to bug 1329136