squid: CVE-2016-4553 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Catalin Enache <catalin.enache@windriver.com>	2016-05-23 15:49:34 +0300
committer	Joe MacDonald <joe_macdonald@mentor.com>	2016-06-01 19:35:50 -0400
commit	d46c89ae44c811b64b117613072698601e483b32 (patch)
tree	6e77c4047c77d5ae42f413f65da0ee77abb3e5aa /meta-python/recipes-devtools/python/python-flask-wtf
parent	9a13040d7b10b9f7221f8190e75aa249bfacee9d (diff)
download	meta-openembedded-d46c89ae44c811b64b117613072698601e483b32.tar.gz

squid: CVE-2016-4553

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4553 Backported upstream patch: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-flask-wtf')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: