Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 79495

Summary: www-proxy/squid more squid suffering
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: andrewbevitt
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard: B4 [glsa] jaervosz
Package list:
Runtime testing required: ---
Bug Depends on: 80201    
Bug Blocks:    

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-26 08:34:04 UTC 
*** Bug 79581 has been marked as a duplicate of this bug. ***
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-26 08:35:04 UTC 
Opening since this is public.

Cyfred please bump.
Comment 3 Andrew Bevitt 2005-01-26 18:20:50 UTC 
See squild-2.5.7-r4 in cvs now
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-26 21:57:45 UTC 
Thx Andrew.

Security please vote on GLSA. We could combine it with the issue on bug #78776.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-01-27 02:18:13 UTC 
It's mostly cache poisoning and log poisoning... but adding them together they may be worth a GLSA (a "Low" one). Voting YES.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-01-28 06:09:05 UTC 
squid-2.5.STABLE7-header_parsing is CAN-2005-0174
squid-2.5.STABLE7-response_splitting is CAN-2005-0175

squid-2.5.STABLE7-ldap_spaces from bug 78776 is CAN-2005-0173
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-29 02:19:52 UTC 
I vote YES -> GLSA
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-01-29 03:00:46 UTC 
s390, mips: please mark stable to benefit from GLSA
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-01-31 06:41:08 UTC 
Waiting for bug 80201 to send out GLSA
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-02-02 12:38:09 UTC 
GLSA 200502-04
Comment 11 Joshua Kinard gentoo-dev 2005-02-06 20:36:37 UTC 
mips stable.