Summary: | <net-proxy/squid-3.1.15 Buffer Overflow Vulnerability (CVE-2011-3205) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | eras, net-proxy+disabled, reuben-gentoo-bugzilla |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/45805/ | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2011-08-29 14:34:32 UTC
all member of net-proxy herd are away atm. I want CC Eray; he is the committers of last version[1] available in tree, so, probably he wants take care of this bump. [1]: 29 Apr 2011; Eray Aslan <eras@gentoo.org> +squid-3.1.12.ebuild, +files/squid-3.1.12-gentoo.patch: Non-maintainer version bump - bug #362049 +*squid-3.1.15 (31 Aug 2011) + + 31 Aug 2011; Eray Aslan <eras@gentoo.org> +squid-3.1.15.ebuild, + +files/squid-3.1.15-gentoo.patch: + version bump - security bug #381065 + Great, thanks Eray for your extra-works ;) arches, please test and mark stable : =net-proxy/squid-3.1.15 target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" amd64 ok AMD64; ditto Ago + 01 Sep 2011; Tony Vroon <chainsaw@gentoo.org> squid-3.1.15.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian + "idella4" Delaney in security bug #381065. Stable for HPPA. ppc/ppc64 stable alpha/arm/ia64/sparc/x86 stable Thanks, folks. Added to existing GLSA request. CVE-2011-3205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3205): Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. This issue was resolved and addressed in GLSA 201110-24 at http://security.gentoo.org/glsa/glsa-201110-24.xml by GLSA coordinator Tim Sammut (underling). |