From secunia security advisor at $URL:
The vulnerability is caused due to a boundary error when processing Gopher responses and can be exploited to cause a buffer overflow via an overly long string.
Successful exploitation may allow execution of arbitrary code.
Update to version 3.0.STABLE26 or 3.1.15.
all member of net-proxy herd are away atm.
I want CC Eray; he is the committers of last version available in tree, so, probably he wants take care of this bump.
29 Apr 2011; Eray Aslan <firstname.lastname@example.org> +squid-3.1.12.ebuild,
Non-maintainer version bump - bug #362049
+*squid-3.1.15 (31 Aug 2011)
+ 31 Aug 2011; Eray Aslan <email@example.com> +squid-3.1.15.ebuild,
+ version bump - security bug #381065
Great, thanks Eray for your extra-works ;)
arches, please test and mark stable :
target KEYWORDS : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
+ 01 Sep 2011; Tony Vroon <firstname.lastname@example.org> squid-3.1.15.ebuild:
+ Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian
+ "idella4" Delaney in security bug #381065.
Stable for HPPA.
Thanks, folks. Added to existing GLSA request.
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 220.127.116.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
This issue was resolved and addressed in
GLSA 201110-24 at http://security.gentoo.org/glsa/glsa-201110-24.xml
by GLSA coordinator Tim Sammut (underling).