"Due to an internal error Squid is vulnerable to a denial
of service attack when processing specially crafted requests.
This problem allows any client to perform a denial of service
attack on the Squid service."
Patches and problem description:
*** Bug 257586 has been marked as a duplicate of this bug. ***
*** Bug 258107 has been marked as a duplicate of this bug. ***
Both major versions have been bumped to 2.7.6 respectively 3.0.13.
Arches please mark net-proxy/squid-2.7.6 as stable (don't touch squid-3
*** Bug 255962 has been marked as a duplicate of this bug. ***
Stable for HPPA.
Stable on alpha (this comment made through Squid™).
amd64 stable, all arches done.
Re-Rating B4 as it's not a "Global service compromise"
Read to vote, I vote YES (because squid is a network accessible service and often used in accelerator setups for HTTP - if I was using squid in a datacenter, I'd really appreciate getting a warning about this issue!)