CVE-2008-1612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1612): The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.
Net-proxy, since 2.6.18 is already in the tree, can we stable it?
Of course you can.
Arches, please test and mark stable: =net-proxy/squid-2.6.18 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"
amd64/x86 stable
ppc64 stable
alpha/ia64/sparc stable
Stable for HPPA.
ppc stable
I think this warrants an errata for GLSA 200801-05.
Fixed in release snapshot.
Shouldn't this bug be closed by now?
you can close this there's a new bug #257585
GLSA 200903-38, sorry for the delay...