Accepted squid 2.5.7-3ubuntu1 (source)

Martin Pitt martin.pitt at ubuntu.com
Thu Jan 20 12:40:03 CST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 20 Jan 2005 19:32:15 +0100
Source: squid
Binary: squid squid-cgi squidclient squid-common
Architecture: source
Version: 2.5.7-3ubuntu1
Distribution: hoary
Urgency: low
Maintainer: Luigi Gangitano <luigi at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 squid      - Internet Object Cache (WWW proxy cache)
 squid-cgi  - Squid cache manager CGI program
 squid-common - Internet Object Cache (WWW proxy cache) - common file
 squidclient - Command line URL extractor that talks to (a) squid
Changes: 
 squid (2.5.7-3ubuntu1) hoary; urgency=low
 .
   * SECURITY UPDATE: Fix several DoS vulnerabilities found by infamous41md.
     Fixes based on upstream supplied patches, but these changed lots of
     irrelevant stuff, so they were trimmed down.
   * debian/patches/22-gopher_html_parsing.dpatch:
     - Avoid buffer overflow if a malicious Gopher server sends a line bigger
       than 4096 characters.
     - References:
       CAN-2005-0094
       http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
   * debian/patches/23-wccp-denial-of-service.dpatch:
     - Fix crash when receiving malformed WCCP packages with spoofed source
       addresses.
     - References:
       CAN-2005-0095
       http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
   * debian/patches/24-fakeauth_auth-crash.dpatch:
     - Check for NULL return value of ntlmGetString() (which happens on
       malformed NTLM type 3 packages) before using the pointer.
     - References:
       http://secunia.com/advisories/13789
       CAN-2005-0097
   * debian/patches/debian/patches/25-fakeauth_auth-memleak.dpatch:
     - Free cleartext buffer after using it to fix memory leak.
     - References:
       CAN-2005-0096
       http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
Files: 
 a70cd0dc291834861bc51ebf24dc4893 659 web optional squid_2.5.7-3ubuntu1.dsc
 64323bfba1100ce74f6f58b3866fbf83 280976 web optional squid_2.5.7-3ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB7/qmDecnbV4Fd/IRAi7IAJ9gtBiH7BIKYoj8nUVhVcwKYeuWKQCbBsHv
iGD62bSnTu/E937AozytmfU=
=g/WJ
-----END PGP SIGNATURE-----


Accepted:
squid_2.5.7-3ubuntu1.diff.gz
  to pool/main/s/squid/squid_2.5.7-3ubuntu1.diff.gz
squid_2.5.7-3ubuntu1.dsc
  to pool/main/s/squid/squid_2.5.7-3ubuntu1.dsc

More information about the hoary-changes mailing list