Re: CVE-2009-2855

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 13 Oct 2009 12:12:22 +1300

On Tue, 13 Oct 2009 00:41:36 +0200, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> Not sure. Imho it's one of those small things that is very questionable
> if it should have got a CVE # to start with.
>
> For example RedHat downgraded the issue to low/low (lowest possible
> rating) once explained what it really was about.
>
> But we should probably notify CVE that the bug has been fixed.

Okay, I've asked the Debian reporter for access to details.
Lacking clear evidence of remote exploit I'll follow along with the quiet
approach.

The CVE has reference to our bugs which are clearly closed. If there is
more to be done to notify anyone can you let me know what that is please?
The other CVEs from this year are in similar states of questionable
open/closed-ness.

Amos

>
> On Tue 2009-10-13 at 11:14 +1300, Amos Jeffries wrote:
>> Are we going to acknowledge this vulnerability with a SQUID:2009-N
>> alert?
>> The reports seem to indicate it can be triggered remotely by servers.
>>
>> It was fixed during routine bug closures a while ago so we just need to
>> wrap up an explanation and announce the fixed releases.
>>
>> Amos
Received on Mon Oct 12 2009 - 23:12:56 MDT
