Red Hat Bugzilla – Bug 152915
CAN-2005-0446 squid DoS
Last modified: 2008-05-01 11:38:06 EDT
A bug was found in the way Squid handles FQDN lookups. It was possible
to crash the Squid server by sending a carefully crafted DNS response to
an FQDN lookup. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0446 to this issue.
Must base packages on the ones from bug 2150
------- Additional Comments From firstname.lastname@example.org 2005-03-11 03:58:58 ----
05.10.28 CVE: CAN-2005-0626
Platform: Cross Platform
Title: Squid Proxy Set-Cookie Information Disclosure
Description: Squid is web proxy software. It is affected by a remote
information disclosure problem. The issue presents itself when the
requested server employs the Netscape "Set-Cookie" specifications.
Squid Proxy versions 2.5 STABLE7 through version 2.5 STABLE9 are
------- Additional Comments From email@example.com 2005-03-18 09:26:01 ----
Because there haven't been any VERIFY votes for the previous squid version, I
guess it would make sense to fold this into the same mess.
I suggest we track this under #2150..
------- Additional Comments From firstname.lastname@example.org 2005-03-19 11:44:43 ----
Well, if we track it in 2150, we should close this one.
*** This bug has been marked as a duplicate of 2150 ***
------- Bug moved to this database by email@example.com 2005-03-30 18:31 -------
This bug previously known as bug 2446 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.
Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.