Bug#: 61280
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Andrew Bevitt <andrewbevitt@gmail.com>


Description:   Opened: 2004-08-22 11:41 0000
Certain malformed NTLMSSP packets could crash the NTLM helpers provided by
Squid.

I have updated the squid patchset to include the patch provided on the bug
release website; just here for notification and publication if necessary.

Affected users www-proxy/squid-2.5.*
Remedy, upgrade to >=www-proxy/squid-2.5.6-r2

Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Jason Wever (RETIRED) 2004-08-22 17:14:25 0000 -------
So like how do we test to make sure these fixes work?

------- Comment #2 From Sune Kloppenborg Jeppesen 2004-08-22 22:26:59 0000 -------
Andrew could you provide a testcase to assist the arches mark stable?

------- Comment #3 From Andrew Bevitt 2004-08-23 00:39:11 0000 -------
Honestly... I am not sure how.

http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 
Details the initial reporting of the problem; in as much as what the problem is described as being the patch definitely fixes. ie (o > 0);

------- Comment #4 From Chris White (RETIRED) 2004-08-23 07:34:49 0000 -------
Once I get back from school I'll try and get a nice test case up based
on the squid getting started guide.  The one available from upstream is
decent enough for testing, but it needs to be tweaked for Gentoo specific
files, build process.

------- Comment #5 From Chris White (RETIRED) 2004-08-24 23:47:49 0000 -------
While trying to create the test case, I ran into a circular dep issue.
Changing this back to ebuild status.

net-mail / robbat2:

There are circular dep issues with openldap and cyrus-sasl which results
in the following:

bash-2.05b# emerge -p cyrus-sasl | grep ebuild
[ebuild  N    ] net-nds/openldap-2.1.30-r1
[ebuild  N    ] dev-libs/cyrus-sasl-2.1.18-r2

bash-2.05b# emerge -p openldap | grep ebuild
[ebuild  N    ] dev-libs/cyrus-sasl-2.1.18-r2
[ebuild  N    ] net-nds/openldap-2.1.30-r1

This prevents proper installation of squid with sasl and ldap USE flags
enabled, and the above libraries not being installed.  Thanks ahead of time
for any comments/suggestions!

------- Comment #6 From Robin Johnson 2004-08-24 23:52:30 0000 -------
chriswhite: see bug #32394 for the circular dep.
it's one that is not really solvable.

openldap needs cyrus-sasl to provide SASL auth [widely used]
cyrus-sasl has an ldap backend, that needs to link against the openldap libs (which in turn may be linked to the sasl libs ;-)

------- Comment #7 From Sune Kloppenborg Jeppesen 2004-08-26 08:31:48 0000 -------
Arches please mark stable.

------- Comment #8 From Bryan Østergaard (RETIRED) 2004-08-26 13:44:40 0000 -------
Stable on alpha.

------- Comment #9 From Martin Holzer (RETIRED) 2004-08-27 10:10:52 0000 -------
x86 stable now

------- Comment #10 From Jason Wever (RETIRED) 2004-08-27 18:48:42 0000 -------
Stable on sparc

------- Comment #11 From Thierry Carrez (RETIRED) 2004-09-01 02:51:36 0000 -------
Fixing status whiteboard to only include supported arches.

Waiting for amd64 to issue a GLSA on this.
hppa ia64 mips ppc64 s390 : don't forget to mark stable to benefit from GLSA.

------- Comment #12 From Travis Tilley (RETIRED) 2004-09-01 09:30:18 0000 -------
stable on amd64

------- Comment #13 From Sune Kloppenborg Jeppesen 2004-09-01 09:41:24 0000 -------
Security this one is ready for GLSA, please draft.

------- Comment #14 From Thierry Carrez (RETIRED) 2004-09-02 13:31:01 0000 -------
GLSA 200409-04 is out.
hppa ia64 mips ppc64 s390 : don't forget to mark stable to benefit.

------- Comment #15 From Guy Martin 2004-09-15 02:30:08 0000 -------
HPPA stable.

------- Comment #16 From Matthias Geerdsen 2004-09-15 13:31:19 0000 -------
*** Bug 64165 has been marked as a duplicate of this bug. ***

------- Comment #17 From Tom Gall 2004-09-26 20:58:33 0000 -------
stable on ppc64

------- Comment #18 From Hardave Riar (RETIRED) 2004-10-17 21:56:22 0000 -------
Stable on mips.
