[VIM] new record on delayed patching..
Steven M. Christey
coley at linus.mitre.org
Tue Jun 14 19:10:54 EDT 2005
On Tue, 14 Jun 2005, security curmudgeon wrote:
> Winner is RedHat?
>
> http://rhn.redhat.com/errata/RHSA-2005-489.html
> Issued on: 2005-06-13
>
> A bug was found in the way Squid handles access to the cachemgr.cgi script. It
> is possible for an authorised remote user to bypass access control lists with
> this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
> assigned the name CVE-1999-0710 to this issue.
Hmmmm... but CVE-1999-0710 lists REDHAT:RHSA-1999:025 as an advisor, so it
had been fixed at *some* point in the past. That means that this is
either (1) a regression or (2) an improper application of an old CVE to a
similar issue or variant, which sometimes happens.
Either way, time for an email :)
- Steve
More information about the VIM
mailing list