authorThomas Deutschmann <whissi@gentoo.org>2017-09-28 22:54:55 +0200
committerThomas Deutschmann <whissi@gentoo.org>2017-09-28 22:54:55 +0200
commit612f47deca97e8d7ffc2100c1dbc82a602abdf39 (patch)
tree714d18b438413833e38a20af15b6514bb8c7ac61 /glsa-200403-11.xml
parentFix GLSA 201709-27 to reflect previous canonical name for libTIFF (diff)
GLSA format update
- Dates converted to ISO8601 [Bug #196681]
- Reference links changed to HTTPS where available [Bug #630750]

See: https://bugs.gentoo.org/196681
See: https://bugs.gentoo.org/630750
Diffstat (limited to 'glsa-200403-11.xml')
-rw-r--r--glsa-200403-11.xml17
1 files changed, 8 insertions, 9 deletions
diff --git a/glsa-200403-11.xml b/glsa-200403-11.xml
index f7354ed..7abb28f 100644
--- a/glsa-200403-11.xml
+++ b/glsa-200403-11.xml
@@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
-
<glsa id="200403-11">
<title>Squid ACL [url_regex] bypass vulnerability</title>
<synopsis>
@@ -11,8 +10,8 @@
ACL.
</synopsis>
<product type="ebuild">Squid</product>
- <announced>March 30, 2004</announced>
- <revised>September 02, 2004: 02</revised>
+ <announced>2004-03-30</announced>
+ <revised>2004-09-02: 02</revised>
<bug>45273</bug>
<access>remote</access>
<affected>
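Review bot: The new `<revised>2004-09-02: 02</revised>` value still packs the date and the revision counter into one text node, so it is not a valid ISO 8601 date on its own and every consumer has to split on `: ` before parsing it. If the GLSA DTD allows it (or can be extended), carrying the counter separately, for example `<revised count="02">2004-09-02</revised>`, would let tools that track advisory revisions read both fields without string handling. `<announced>` is fine as converted.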
@@ -32,13 +31,13 @@
<description>
<p>
A bug in Squid allows users to bypass certain access controls by passing a
- URL containing &quot;%00&quot; which exploits the Squid decoding function.
+ URL containing "%00" which exploits the Squid decoding function.
This may insert a NUL character into decoded URLs, which may allow users to
bypass url_regex access control lists that are enforced upon them.
</p>
<p>
In such a scenario, Squid will insert a NUL character after
- the&quot;%00&quot; and it will make a comparison between the URL to the end
+ the"%00" and it will make a comparison between the URL to the end
of the NUL character rather than the contents after it: the comparison does
not result in a match, and the user's request is not denied.
</p>
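Review bot: The second paragraph now reads `the"%00" and it will make a comparison`, carrying over the missing space that the old `the&quot;%00&quot;` form already had; since the line is being rewritten anyway it should become `the "%00" and it will make a comparison between the URL to the end`. Replacing `&quot;` with a literal `"` is safe here because this is element text, not an attribute value. The sentence would also be clearer if it said that the url_regex comparison stops at the NUL, so the part of the URL after it is never matched against the ACL.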
@@ -65,14 +64,14 @@
<code>
# emerge sync
- # emerge -pv ">=net-proxy/squid-2.5.5"
- # emerge ">=net-proxy/squid-2.5.5"</code>
+ # emerge -pv "&gt;=net-proxy/squid-2.5.5"
+ # emerge "&gt;=net-proxy/squid-2.5.5"</code>
</resolution>
<references>
- <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189">CAN-2004-0189</uri>
+ <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189">CAN-2004-0189</uri>
<uri link="http://www.squid-cache.org/Advisories/SQUID-2004_1.txt">Squid 2.5.STABLE5 Release Announcement</uri>
</references>
- <metadata tag="submitter" timestamp="Thu, 2 Sep 2004 21:11:59 +0000">
+ <metadata tag="submitter" timestamp="2004-09-02T21:11:59Z">
vorlon078
</metadata>
</glsa>
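Review bot: The vendor advisory reference directly below the rewritten CVE link is still `http://www.squid-cache.org/Advisories/SQUID-2004_1.txt`, so the link users follow for the upstream fix remains cleartext. If that host serves HTTPS it should be `<uri link="https://www.squid-cache.org/Advisories/SQUID-2004_1.txt">`; the commit message says "where available", so this may be intentional, in which case it is worth recording for re-checking later. The DOCTYPE system identifier in the first hunk, `http://www.gentoo.org/dtd/glsa.dtd`, is also left on HTTP. That matters for any consumer that loads the external DTD while parsing; such tools should validate against a local pinned copy of the DTD or parse with external DTD loading disabled.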