Attachment 190915 Details for Bug 226138 – patch file

[patch] patch file

security_vuxml.patch (text/plain), 1.67 KB, created by Yasuhiro Kimura on 2018-02-23 11:26:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Yasuhiro Kimura

Created: 2018-02-23 11:26:55 UTC

Size: 1.67 KB

patch

obsolete

>Index: vuln.xml
>===================================================================
>--- vuln.xml	(revision 462684)
>+++ vuln.xml	(working copy)
>@@ -58,6 +58,38 @@
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="d5b6d151-1887-11e8-94f7-9c5c8e75236a">
>+ <topic>squid -- Denial of Service issue in HTTP Message processing.</topic>
>+ <affects>
>+ <package>
>+	<name>squid</name>
>+	<range><le>3.5.27_2</le></range>
>+ </package>
>+ <package>
>+	<name>squid-devel</name>
>+	<range><le>4.0.22_1</le></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	Louis Dion-Marcil reports:
>+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2018_2.txt">
>+	 Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates.
>+	 This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <url>http://www.squid-cache.org/Advisories/SQUID-2018_2.txt</url>
>+ <cvename>CVE-2018-1000027</cvename>
>+ <url>https://www.debian.org/security/2018/dsa-4122</url>
>+ </references>
>+ <dates>
>+ <discovery>2018-01-19</discovery>
>+ <entry>2018-02-23</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="933654ce-17b8-11e8-90b8-001999f8d30b">
> <topic>asterisk -- multiple vulnerabilities</topic>
> <affects>

Actions: View | Diff

Attachments on bug 226138: 190915