By adding a trailing dot to the domain it is possible to bypass the filter and access blocked sites. This only affects people using squidGuard with squid version 3.0 STABLE1 to STABLE5 (higher version may be affected as well; in any case, if you are running squid 3.0 make sure to patch). Squid version 2.6 is known to remove trailing dots from domains before passing the URLs to squidGuard. Affected versions: 1.3, 1.2.1 and below Corrected in version 1.4 alpha (and higher) Reproducible: Always http://www.squidguard.org/Downloads/Patches/1.3/squidGuard-1.3-patch-20080613.tar.gz (MD5: fb0a12bf289b73ed6ecf5ff4ad971648) http://www.squidguard.org/Downloads/Patches/1.2.1/squidGuard-1.2.1-patch-20080613.tar.gz (MD5: ab33fb4f7381e5b30543f7f79a3d4345)
Fixed in net-proxy/squidguard-1.3-r1. Arch teams, please mark this version as stable.
Providing a new version of the file is a really weird way to patch.... Anyway, adding release@
x86 stable
ppc64 stable
amd64 stable
ppc stable
I vote NO for this since the initial comment #0 stated only squid 3.0 and higher is affected, and that is ~arch for us.
no too, closing