Integrate the following vendor patch as published on <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- Address HTTP protocol mismatch related to oversized reply headers and enhance cache.log on reply header parsing failures (squid bug #1216)

This bug is classified as a security issue by the vendor; further details about the impact of the vulnerability are not known (to the maintainer).

Proposed VuXML data, entry date left to be filled in:

<vuln vid="bfda39de-7467-11d9-9e1e-c296ac722cb3">
  <topic>squid -- correct handling of oversized HTTP reply headers</topic>
  <affects>
    <package>
      <name>squid</name>
      <range><lt>2.5.7_12</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>The squid patches page notes:</p>
      <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch">
        <p>This patch addresses a HTTP protocol mismatch related to oversized reply headers. In addition it enhances the cache.log reporting on reply header parsing failures to make it easier to track down which sites are malfunctioning.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1216</url>
    <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch</url>
  </references>
  <dates>
    <discovery>2005-01-31</discovery>
    <entry></entry>
  </dates>
</vuln>

Fix: Apply this patch:
Please integrate the following patches, too: - correct the search request generated by the LDAP authentication helper - fix a race within the NTLM authentication mechanism (squid bug #1127) - fix handling of failed PUT/POST requests (squid bug #1224) - fix problems with persistent server connections after failed PUT/POST requests (squid bug #1122) - improve handling of forged WCCP packets (squid bug #1225) Index: distinfo =================================================================== --- distinfo (revision 394) +++ distinfo (revision 395) @@ -48,3 +48,13 @@ SIZE (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 505 MD5 (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 729c626f76637546b5ded70da6e0ee20 SIZE (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 3056 +MD5 (squid2.5/squid-2.5.STABLE7-ldap_search.patch) = f2f39856ada003854e00b91ac258e07f +SIZE (squid2.5/squid-2.5.STABLE7-ldap_search.patch) = 3719 +MD5 (squid2.5/squid-2.5.STABLE7-ntlm_segfault.patch) = 538a534a9a1acbbcb62cb64f618e325e +SIZE (squid2.5/squid-2.5.STABLE7-ntlm_segfault.patch) = 2076 +MD5 (squid2.5/squid-2.5.STABLE7-post.patch) = ed73f46585b90319fc36e7f85130febc +SIZE (squid2.5/squid-2.5.STABLE7-post.patch) = 3172 +MD5 (squid2.5/squid-2.5.STABLE7-server_post.patch) = 86733a0d6052dc65b913fe7bf6357e43 +SIZE (squid2.5/squid-2.5.STABLE7-server_post.patch) = 1424 +MD5 (squid2.5/squid-2.5.STABLE7-wccp_disturb.patch) = 658cc713f3928e8a9774cb6543547c49 +SIZE (squid2.5/squid-2.5.STABLE7-wccp_disturb.patch) = 5075 Index: Makefile =================================================================== --- Makefile (revision 394) +++ Makefile (revision 395) 
@@ -110,7 +110,12 @@ squid-2.5.STABLE7-short_icons_urls.patch \ squid-2.5.STABLE7-response_splitting.patch \ squid-2.5.STABLE7-wccp_buffer_overflow.patch \ - squid-2.5.STABLE7-oversize_reply_headers.patch + squid-2.5.STABLE7-oversize_reply_headers.patch \ + squid-2.5.STABLE7-ldap_search.patch \ + squid-2.5.STABLE7-ntlm_segfault.patch \ + squid-2.5.STABLE7-post.patch \ + squid-2.5.STABLE7-server_post.patch \ + squid-2.5.STABLE7-wccp_disturb.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de
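Review bot: In the distinfo hunk, each of the five added patch files is pinned only by an MD5 line and a SIZE line. MD5 is not collision-resistant, and these files are applied to the source tree at build time, so the checksum is the only thing tying the build to the vendor's published patch. Consider recording a stronger digest for each file alongside the existing entries, for example a SHA256 (squid2.5/squid-2.5.STABLE7-wccp_disturb.patch) = ... line, and do the same for the entries already present in the context lines.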
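Review bot: The Makefile diff consists of this single hunk extending the patch list, so PORTREVISION is not changed between revisions 394 and 395. The five added patches alter the built binaries (the request describes an NTLM race fix and improved handling of forged WCCP packets among them), so PORTREVISION should be bumped in the same commit unless that already happened with the oversize_reply_headers change. Without the bump, installed packages are not flagged as out of date and a patched build cannot be told apart from an unpatched one by version.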
State Changed From-To: open->closed

Committed, thanks!