From secunia: DESCRIPTION: Some security issues have been reported in squidGuard, which can be exploited by malicious people to bypass certain security restrictions. 1) A boundary error in sgLog.c can be exploited to put the application in emergency mode and disable the filter via an overly long URL containing multiple '/' characters. 2) Two errors in the processing of overly long URLs can be exploited to bypass the URL filter. The security issues are reported in versions 1.3 and 1.4. Prior versions may also be affected. SOLUTION: Apply patches. squidGuard 1.3: http://www.squidguard.org/Downloads/Patches/1.3/squidGuard-1.3-patch-20091015.tar.gz http://www.squidguard.org/Downloads/Patches/1.3/squidGuard-1.3-patch-20091019.tar.gz squidGuard 1.4: http://www.squidguard.org/Downloads/Patches/1.4/squidGuard-1.4-patch-20091015.tar.gz http://www.squidguard.org/Downloads/Patches/1.4/squidGuard-1.4-patch-20091019.tar.gz PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015 http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019
Maintainers, please provide an ebuild that includes the said patches.
*** Bug 290981 has been marked as a duplicate of this bug. ***
CVE-2009-3700 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3700): Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode." CVE-2009-3826 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3826): Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.
Patch 20091019 was already applied in version 1.4-r3, see vsnprintf.patch. Second patch has been imported in our tree as upstream-fixes.patch, although the quality of this patch is dubious. Please mark squid-1.4-r4 as stable.
amd64/x86 stable, all arches done.
sorry... my script is running insane
ppc64 done
Stable for PPC.
GLSA vote: no.
NO too, closing