Accepted squid 2.5.7-3ubuntu1 (source)
Martin Pitt
martin.pitt at ubuntu.com
Thu Jan 20 12:40:03 CST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 20 Jan 2005 19:32:15 +0100
Source: squid
Binary: squid squid-cgi squidclient squid-common
Architecture: source
Version: 2.5.7-3ubuntu1
Distribution: hoary
Urgency: low
Maintainer: Luigi Gangitano <luigi at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
squid - Internet Object Cache (WWW proxy cache)
squid-cgi - Squid cache manager CGI program
squid-common - Internet Object Cache (WWW proxy cache) - common file
squidclient - Command line URL extractor that talks to (a) squid
Changes:
squid (2.5.7-3ubuntu1) hoary; urgency=low
.
* SECURITY UPDATE: Fix several DoS vulnerabilities found by infamous41md.
Fixes based on upstream supplied patches, but these changed lots of
irrelevant stuff, so they were trimmed down.
* debian/patches/22-gopher_html_parsing.dpatch:
- Avoid buffer overflow if a malicious Gopher server sends a line bigger
than 4096 characters.
- References:
CAN-2005-0094
http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
* debian/patches/23-wccp-denial-of-service.dpatch:
- Fix crash when receiving malformed WCCP packages with spoofed source
addresses.
- References:
CAN-2005-0095
http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
* debian/patches/24-fakeauth_auth-crash.dpatch:
- Check for NULL return value of ntlmGetString() (which happens on
malformed NTLM type 3 packages) before using the pointer.
- References:
http://secunia.com/advisories/13789
CAN-2005-0097
* debian/patches/debian/patches/25-fakeauth_auth-memleak.dpatch:
- Free cleartext buffer after using it to fix memory leak.
- References:
CAN-2005-0096
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
Files:
a70cd0dc291834861bc51ebf24dc4893 659 web optional squid_2.5.7-3ubuntu1.dsc
64323bfba1100ce74f6f58b3866fbf83 280976 web optional squid_2.5.7-3ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB7/qmDecnbV4Fd/IRAi7IAJ9gtBiH7BIKYoj8nUVhVcwKYeuWKQCbBsHv
iGD62bSnTu/E937AozytmfU=
=g/WJ
-----END PGP SIGNATURE-----
Accepted:
squid_2.5.7-3ubuntu1.diff.gz
to pool/main/s/squid/squid_2.5.7-3ubuntu1.diff.gz
squid_2.5.7-3ubuntu1.dsc
to pool/main/s/squid/squid_2.5.7-3ubuntu1.dsc
More information about the hoary-changes
mailing list