Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 304751

Summary: net-proxy/squid-3.0.24 version bump
Product: Gentoo Linux Reporter: Clemente Aguiar <clemente.aguiar>
Component: Current packagesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: enhancement CC: kfm, net-proxy+disabled, ole+gentoo
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
Whiteboard:
Package list:
Runtime testing required: ---

Description Clemente Aguiar 2010-02-12 17:29:04 UTC
Squid-3.0.STABLE24 has been released.

This release contains the fix for Advisory SQUID-2010:2
Remote Denial of Service in HTCP.

Reproducible: Always
Comment 1 kfm 2010-06-17 01:40:59 UTC
Re-assigning. Some notes for security:

* Latest instance of 3.0.24 series in portage is squid-3.0.STABLE20 (which is still stuck in ~arch anyway). A bump would be trivial.

* Latest upstream stable release is 3.1.4 which is not yet in portage, see bug 311927

* net-proxy herd appears to be dead (?)
Comment 2 kfm 2010-06-17 01:42:40 UTC
Apologies, the first bullet point should begin "latest instance of 3.0.x series".
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2010-07-11 10:04:18 UTC

*** This bug has been marked as a duplicate of bug 311927 ***
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2010-07-11 10:05:05 UTC
Sorry re-opening
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:35:12 UTC
net-proxy: are there any plans to go on with this?
Comment 6 Alin Năstac (RETIRED) gentoo-dev 2010-08-07 06:45:49 UTC
squid-2.7.9 and squid-3.1.6 were added to the tree.
Arch teams, please stabilize both versions.
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2010-08-07 13:42:44 UTC
Maybe duplicate to bug #301828. You are asking the same versions in both bugs
Comment 8 Milos Ivanovic 2010-08-07 16:12:30 UTC
squid-3.1.6 stable would be great :)

Thanks guys.
Comment 9 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-08-07 17:56:34 UTC
x86 done, see bug #301828
Comment 10 Markos Chandras (RETIRED) gentoo-dev 2010-08-08 12:00:39 UTC
The same for amd64
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-09 18:50:49 UTC
Nothing to do here.
Comment 12 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-09 18:51:03 UTC
Same.
Comment 13 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-10 14:55:55 UTC
Arches, please go on with the stabilization on bug 301828.

I'll mark this bug a dupe, no need for two bugs. Anyone interested in the status, please CC yourself to the aforementioned bug.

*** This bug has been marked as a duplicate of bug 301828 ***