| Summary: | <net-proxy/squid-3.1.23: Incomplete fix for the CVE-2012-5643 (CVE-2013-0189) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | eras, net-proxy+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=895972 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-01-16 17:40:47 UTC

@security: We can stabilize =net-proxy/squid-3.1.23 which also has the additional fixes for CVE-2012-5643. Thank you.

(In reply to comment #1)
> @security: We can stabilize =net-proxy/squid-3.1.23 which also has the
> additional fixes for CVE-2012-5643. Thank you.

Thanks, Eray.

Arches, please test and mark stable:
=net-proxy/squid-3.1.23
Target KEYWORDS: "alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd"

amd64 stable

x86 stable

ppc done

Stable for HPPA.

CVE-2013-0189 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0189): cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

arm stable

ppc64 stable

alpha stable

ia64 stable

sparc stable

Adding to the existing GLSA draft that contains CVE-2012-5643, unless someone strongly disagrees.

This issue was resolved and addressed in GLSA 201309-22 at http://security.gentoo.org/glsa/glsa-201309-22.xml by GLSA coordinator Sergey Popov (pinkbyte).