author | Thomas Deutschmann <whissi@gentoo.org> | 2017-09-28 22:54:55 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2017-09-28 22:54:55 +0200 |
commit | 612f47deca97e8d7ffc2100c1dbc82a602abdf39 (patch) | |
tree | 714d18b438413833e38a20af15b6514bb8c7ac61 /glsa-200403-11.xml | |
parent | Fix GLSA 201709-27 to reflect previous canonical name for libTIFF (diff) | |
GLSA format update
- Dates converted to ISO8601 [Bug #196681]
- Reference links changed to HTTPS where available [Bug #630750]
See: https://bugs.gentoo.org/196681
See: https://bugs.gentoo.org/630750
Diffstat (limited to 'glsa-200403-11.xml')
-rw-r--r-- | glsa-200403-11.xml | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/glsa-200403-11.xml b/glsa-200403-11.xml index f7354ed4..7abb28f9 100644 --- a/glsa-200403-11.xml +++ b/glsa-200403-11.xml @@ -1,6 +1,5 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> - <glsa id="200403-11"> <title>Squid ACL [url_regex] bypass vulnerability</title> <synopsis> @@ -11,8 +10,8 @@ ACL. </synopsis> <product type="ebuild">Squid</product> - <announced>March 30, 2004</announced> - <revised>September 02, 2004: 02</revised> + <announced>2004-03-30</announced> + <revised>2004-09-02: 02</revised> <bug>45273</bug> <access>remote</access> <affected> @@ -32,13 +31,13 @@ <description> <p> A bug in Squid allows users to bypass certain access controls by passing a - URL containing "%00" which exploits the Squid decoding function. + URL containing "%00" which exploits the Squid decoding function. This may insert a NUL character into decoded URLs, which may allow users to bypass url_regex access control lists that are enforced upon them. </p> <p> In such a scenario, Squid will insert a NUL character after - the"%00" and it will make a comparison between the URL to the end + the"%00" and it will make a comparison between the URL to the end of the NUL character rather than the contents after it: the comparison does not result in a match, and the user's request is not denied. </p> 
@@ -65,14 +64,14 @@ <code> # emerge sync - # emerge -pv ">=net-proxy/squid-2.5.5" - # emerge ">=net-proxy/squid-2.5.5"</code> + # emerge -pv ">=net-proxy/squid-2.5.5" + # emerge ">=net-proxy/squid-2.5.5"</code> </resolution> <references> - <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189">CAN-2004-0189</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189">CAN-2004-0189</uri> <uri link="http://www.squid-cache.org/Advisories/SQUID-2004_1.txt">Squid 2.5.STABLE5 Release Announcement</uri> </references> - <metadata tag="submitter" timestamp="Thu, 2 Sep 2004 21:11:59 +0000"> + <metadata tag="submitter" timestamp="2004-09-02T21:11:59Z"> vorlon078 </metadata> </glsa> |
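Review bot: In the first hunk (@@ -1,6 +1,5 @@), the DOCTYPE line still points at `http://www.gentoo.org/dtd/glsa.dtd`, although the commit message says reference links move to HTTPS where available. Any consumer that resolves the external DTD would fetch it over plaintext, so either switch the system identifier to HTTPS if the DTD is served there, or say in the commit message that the DOCTYPE is deliberately out of scope. The removal of the blank line before `<glsa id="200403-11">` is also not mentioned in the commit message.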
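Review bot: In the `<revised>` line of the @@ -11,8 +10,8 @@ hunk, the new value `2004-09-02: 02` still packs the revision number into the same text node as the date, so the element content is not itself an ISO 8601 date and a parser has to split on `: ` before parsing it. Consider carrying the revision number separately (for example in an attribute), or document the `date: revision` convention alongside this format change. The `<announced>` conversion is consistent: `March 30, 2004` becomes `2004-03-30`.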
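Review bot: The two changed lines in the `<description>` hunk (@@ -32,13 +31,13 @@) show no visible difference between the removed and added text as rendered here, and the commit message lists only date and HTTPS changes, so it is unclear what was altered in the advisory wording (presumably whitespace or character escaping). Please name this change in the commit message so reviewers can confirm the description text is semantically untouched. Since the second line is being rewritten anyway, `the"%00"` is still missing a space after `the`.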
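Review bot: In the `<references>` block of the last hunk (@@ -65,14 +64,14 @@), the CVE link moves to HTTPS but `http://www.squid-cache.org/Advisories/SQUID-2004_1.txt` stays on HTTP. If that host serves the advisory over HTTPS, convert it too; if it does not, this matches the "where available" wording and needs no change. The two `emerge` lines are also rewritten with no visible difference, which the commit message does not explain. The timestamp conversion preserves the instant: `Thu, 2 Sep 2004 21:11:59 +0000` and `2004-09-02T21:11:59Z` denote the same time.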