Description: A security issue has been reported in Squid, which may disclose sensitive information to malicious people. The problem is caused due to a race condition, which may cause Set-Cookie headers to leak to other users. This only happens when a requested server relies on the obsolete Netscape Set-Cookie specification. Solution: Apply patch for 2.5.STABLE9: http://www.squid-cache.org/Versi...quid-2.5.STABLE9-setcookie.patch Original Advisory: http://www.squid-cache.org/Versi...ugs/#squid-2.5.STABLE9-setcookie
version bumped to 2.5.9. it is already marked stable on x86.
Alin could you fix bug #83976 (if applicable) in the same round?
bug #83976 has been fixed
Arches please test and mark 2.5.9 stable.
Stable on ppc.
stable on amd64
sparc stable.
stable on ppc64
Stable on alpha.
voting against a GLSA NB: - rated minor-security on squid-cache.org - Ubuntu published USN-93-1 about this
Not worth a GLSA as such, maybe talk about it in next Squid GLSA (yes, there will be one).
koon thx for closing. I'll make mental note for the next Squid GLSA.
ok, this is closed, but what about bug #83976 ? It was fixed in the same ebuild version (see comment #3)
These issues seem rather minor. Experience tell me we will have another issue soon to bundle these with.
Stable on mips.
Newer version already stable.