Summary: | net-proxy/squid <2.7.6 <3.0.13 <3.1.0.5 DoS in request processing (CVE-2009-0478) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Eray Aslan <eras> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | clemente.aguiar, martin.holzer, mgorny, net-proxy+disabled, ole+gentoo |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.squid-cache.org/Advisories/SQUID-2009_1.txt | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Eray Aslan
2009-02-04 11:50:55 UTC
*** Bug 257586 has been marked as a duplicate of this bug. *** Patches: Squid 2.7: http://www.squid-cache.org/Versions/v2/2.7/changesets/12432.patch http://www.squid-cache.org/Versions/v2/2.7/changesets/12442.patch Squid 3.0: http://www.squid-cache.org/Versions/v3/3.0/changesets/b8964.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/b8965.patch *** Bug 258107 has been marked as a duplicate of this bug. *** Both major versions have been bumped to 2.7.6 respectively 3.0.13. Arches please mark net-proxy/squid-2.7.6 as stable (don't touch squid-3 keywords). *** Bug 255962 has been marked as a duplicate of this bug. *** ppc64 done Stable for HPPA. Stable on alpha (this comment made through Squid™). ppc stable ia64/sparc/x86 stable amd64 stable, all arches done. Re-Rating B4 as it's not a "Global service compromise" Read to vote, I vote YES (because squid is a network accessible service and often used in accelerator setups for HTTP - if I was using squid in a datacenter, I'd really appreciate getting a warning about this issue!) YES too GLSA 200903-38 (spam) |