aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
diff options
context:
space:
mode:
authorCatalin Enache <catalin.enache@windriver.com>2016-05-23 15:49:34 +0300
committerArmin Kuster <akuster808@gmail.com>2016-08-16 10:29:39 -0700
commit7166a2daecfbb4528fa410670adcc7f241715bd5 (patch)
treeb0991fb67152a1ea96b725b71887b003bcdbdd5e /meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb
parentbee5bfb29d582e6c31a875b6905558d15cec8767 (diff)
downloadmeta-openembedded-contrib-7166a2daecfbb4528fa410670adcc7f241715bd5.tar.gz
squid: CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4553 Backported upstream patch: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> (cherry picked from commit d46c89ae44c811b64b117613072698601e483b32) Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking/recipes-netkit/netkit-rsh/netkit-rsh_0.17.bb')
0 files changed, 0 insertions, 0 deletions
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-19 13:08:56 +0000