The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers
to cause a denial of service (process exit) via unknown vectors that cause an
array to shrink to 0 entries, which triggers an assert error. NOTE: this
issue is due to an incorrect fix for CVE-2007-6239.
Net-proxy, since 2.6.18 is already in the tree, can we stable it?
Of course you can.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"
Stable for HPPA.
I think this warrants an errata for GLSA 200801-05.
Fixed in release snapshot.
Shouldn't this bug be closed by now?
you can close this
there's a new bug #257585
GLSA 200903-38, sorry for the delay...