K 10
svn:author
V 5
edwin
K 8
svn:date
V 27
2005-01-22T09:31:33.000000Z
K 7
svn:log
V 1081
[Maintainer/security] www/squid: protect against HTTP resonse split
attack and other patches

    Integrate vendor patches as published on
    <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

    - FTP data connection fails on some FTP servers when requesting
      a directory without a trailing slash (squid bug #1194)

    - Icons fail to load on non-anonymous FTP when using the
      short_icons_url configuration directive (squid bug #1203)

    - Strengthen squid against HTTP response splitting cache pollution
      attacks (squid bug #1200), classified as security issue by
      the vendor

    Proposed VuXML information, entry date left to be filled in:

    (Note: I added only a publically accessible link to the Sanctum,
    Inc.  whitepaper, the squid bug tracker contains a deep link
    to the PDF itself; if we are allowed to publish it, it could
    instead be used as reference because Sanctum, Inc. wants you
    to register with them before you get access to their whitepapers.)

PR:		ports/76550
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>

END