pkgsrc-bugs: pkg/36961: SquidGuard in PkgSrc out of date / has vuln.

Subject: pkg/36961: SquidGuard in PkgSrc out of date / has vuln.
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <jasonb@myjclibrary.org>
List: pkgsrc-bugs
Date: 09/10/2007 07:50:01

>Number:         36961
>Category:       pkg
>Synopsis:       SquidGuard in PkgSrc out of date / has vuln.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 10 07:50:01 +0000 2007
>Originator:     Jason Boyer
>Release:        Irrelevant
>Organization:
>Environment:
Irrelevant
>Description:
SquidGuard 1.2.0 in pkgsrc has a vulnerability and a new version is available that addresses it.
>How-To-Repeat:
Install SG, put extra slashes in URL, or use URL encoding as mentioned in http://www.squidguard.org/Doc/sg-2007-04-15.html , note that SG fails to match URLs.
>Fix:
Update SquidGuard to 1.2.1