109827 – net-proxy/squid Segfault in rfc1738_do_escape (CVE-2005-3258)

Bug 109827 - net-proxy/squid Segfault in rfc1738_do_escape (CVE-2005-3258)

Summary: net-proxy/squid Segfault in rfc1738_do_escape (CVE-2005-3258)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://www.squid-cache.org/Versions/v...
Whiteboard:	B3 [nextglsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2005-10-19 09:12 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2019-12-01 21:29 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-10-19 09:12:15 UTC

In certain odd FTP server responses Squid may crash with a segmentation fault 
in rfc1738_do_escape.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-10-19 09:12:57 UTC

net-proxy please provide an updated ebuild.

Comment 2 Alin Năstac (RETIRED) gentoo-dev

2005-10-19 11:29:37 UTC

net-proxy/squid-2.5.11 has been commited to the tree.
it contains all current upstream patches (including
squid-2.5.STABLE11-rfc1738_do_escape) and is already marked as stable on x86.

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-10-19 13:55:51 UTC

Thx Alin. 
 
Arches please test and mark stable.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-10-19 14:01:11 UTC

Note CANs are now CVEs.

Comment 5 Brent Baude (RETIRED) gentoo-dev

2005-10-19 14:29:24 UTC

marked squid-2.5.11 ppc64 stable. thanks

Comment 6 Jason Wever (RETIRED) gentoo-dev

2005-10-19 14:55:28 UTC

Stable on SPARC

Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-10-20 12:00:57 UTC

Stable on ppc and hppa.

Comment 8 Bryan Østergaard (RETIRED) gentoo-dev

2005-10-21 15:05:22 UTC

Stable on alpha + ia64.

Comment 9 Marcus D. Hanwell (RETIRED) gentoo-dev

2005-10-22 17:14:01 UTC

Stable on amd64.

Comment 10 Thierry Carrez (RETIRED) gentoo-dev

2005-10-23 02:53:50 UTC

Ready for GLSA vote.
I guess we should issue one, together with bug 106104

Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-10-23 11:59:59 UTC

I vote for waiting.

Comment 12 Stefan Cornelius (RETIRED) gentoo-dev

2005-10-25 06:03:47 UTC

Waiting and putting this together with other issues seems like a good idea

Comment 13 Tavis Ormandy (RETIRED) gentoo-dev

2005-10-25 06:04:32 UTC

I concur

Comment 14 Thierry Carrez (RETIRED) gentoo-dev

2005-10-25 06:13:22 UTC

OK then, wait until the next.