This patch is already applied in 2.5.9-r2, along with many others
Is 2.5.9-r2 ready for arches to mark stable?
Yes. I prefer to set this version as stable because I changed the ebuild to apply customlog patch only when correspondent use flag is set. One user complained about memory leaks on versions with customlog patch applied - see bug 85740 for more info.
What about this one ? Is is covered ? Since when ? =========================================================== Ubuntu Security Notice USN-111-1 April 14, 2005 squid vulnerability CAN-2005-0718 =========================================================== [...] A remote Denial of Service vulnerability has been discovered in Squid. If the remote end aborted the connection during a PUT or POST request, Squid tried to free an already freed part of memory, which eventually caused the server to crash.
Koon, that was what triggered me in the first place. AFAIR it only applies to patch level 7 and we are at patch level 9.
their (ubuntu) version of squid is way too old. I've applied in 2.5.9-r2 all current patches up to "rename() related cleanup", which means we have all current patches applied excepting the last 3 cosmetic patches.
Arches please test and mark squid-2.5.9-r2 stable.
stable on amd64
Stable on ppc.
stable on x86
stable on ppc64
Stable on SPARC.
r2 have been replaced by r3 due to bug #89586. arches, please don't mark this as stable till I get confirmation that bug #89586 is fixed.
Stable on alpha + ia64.
Voting no to GLSA
Voting for no GLSA as well on this one. Let's see if enough bugs pile up to warrant a GLSA. Also in the queue bug #83955
damn! I was so close to cleanup older versions of squid... now I must wait again >:-|
Stable on hppa