[VIM] new record on delayed patching..

Steven M. Christey coley at linus.mitre.org
Tue Jun 14 19:10:54 EDT 2005

On Tue, 14 Jun 2005, security curmudgeon wrote:

> Winner is RedHat?
> http://rhn.redhat.com/errata/RHSA-2005-489.html
> Issued on: 2005-06-13
> A bug was found in the way Squid handles access to the cachemgr.cgi script. It
> is possible for an authorised remote user to bypass access control lists with
> this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
> assigned the name CVE-1999-0710 to this issue.

Hmmmm... but CVE-1999-0710 lists REDHAT:RHSA-1999:025 as an advisor, so it
had been fixed at *some* point in the past.  That means that this is
either (1) a regression or (2) an improper application of an old CVE to a
similar issue or variant, which sometimes happens.

Either way, time for an email :)

- Steve

More information about the VIM mailing list