On 2020-08-11 11:00 p.m., Amos Jeffries wrote: > On 12/08/20 9:24 am, Simon Deziel wrote: >> Hello, >> >> I noticed that CVE-2019-12522 [*] was not yet fixed. I could confirm the >> saved UID is indeed 0 (root) on a Ubuntu 20.04.1 machine (5.4 kernel) so >> I was wondering if a fix was on the way. Thanks >> > > We do not have an ETA on this issue. Risk is relatively low and several > features of Squid require the capability this allows in order to > reconfigure. So we will not be implementing the quick fix of fully > dropping root. OK, thanks for the quick feedback and explanations. Regards, Simon _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
