Ubuntu
squid3 package

Please merge squid3 3.1.6-1.2 (universe) from debian unstable (main)

Bug #717654 reported by Mahyuddin Susanto on 2011-02-12

8

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	squid3 (Ubuntu)	Fix Released	Wishlist	Artur Rona

Bug Description

Binary package hint: squid3

squid3 (3.1.6-1.2) unstable; urgency=low

   * Non-maintainer upload.
   * Fix DoS while processing large DNS replies with no IPv6 resolver present
     (CVE-2010-2951) (Closes: #599709)

-- Ben Hutchings <email address hidden> Sat, 30 Oct 2010 17:00:55 +0200

Related branches

lp:ubuntu/natty/squid3

CVE References

Mahyuddin Susanto (udienz) on 2011-02-12

Changed in squid3 (Ubuntu):
status:	New → In Progress
assignee:	nobody → Mahyuddin Susanto (udienz)

Revision history for this message

Mahyuddin Susanto (udienz) wrote on 2011-02-12:

#1

squid3_debian-ubuntu.debdiff Edit (8.7 KiB, text/plain)

Revision history for this message

Mahyuddin Susanto (udienz) wrote on 2011-02-12:

#2

squid3_ubuntu-ubuntu.debdiff Edit (6.6 KiB, text/plain)

Changed in squid3 (Ubuntu):
assignee:	Mahyuddin Susanto (udienz) → nobody
status:	In Progress → New

Revision history for this message

Mahyuddin Susanto (udienz) wrote on 2011-02-12:

#3

this merge also fixed bug 717653 (ftbfs) because of binutils with ld as-needed

Artur Rona (ari-tczew) on 2011-02-13

Changed in squid3 (Ubuntu):
assignee:	nobody → Artur Rona (ari-tczew)
status:	New → In Progress

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-02-13:

#4

Thank you for your time and efforts making Ubuntu better! However, squid3 is affected by two open security issues. Could you include patches for them?
http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-2951.html
http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3072.html

Changed in squid3 (Ubuntu):
assignee:	Artur Rona (ari-tczew) → nobody
importance:	Undecided → Wishlist
status:	In Progress → New

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-02-13:

#5

Ah CVE-2010-2951 is fixed in unstable, so I'd like to see second CVE fixed.

Revision history for this message

Mahyuddin Susanto (udienz) wrote on 2011-02-13:

#6

Hi Artur, CVE-2010-3072 already fixed in in 3.1.6-1.1, here is the changelog

squid3 (3.1.6-1.1) unstable; urgency=high

  * Non-maintainer upload by the security team
  * Fix DoS due to wrong string handling (Closes: #596086)
    Fixes: CVE-2010-3072

-- Steffen Joeris <email address hidden> Mon, 13 Sep 2010 17:07:51 +1000

Revision history for this message

Artur Rona (ari-tczew) wrote on 2011-02-13:

#7

Thank you for your contribution!

Changed in squid3 (Ubuntu):
assignee:	nobody → Artur Rona (ari-tczew)
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-02-13:

#8

This bug was fixed in the package squid3 - 3.1.6-1.2ubuntu1

---------------
squid3 (3.1.6-1.2ubuntu1) natty; urgency=low

  * Merge from debian unstable. (LP: #717654) Remaining changes:
    - debian/squid3.ufw.profile: Provide ufw profile
  * debian/patches/18-fix-ftbfs-binutils-gold.dpatch: Add sasl2 and kerberos
    library in LDADD to fix FTBFS binutils-gold with --as-needed. (LP: #717653)

squid3 (3.1.6-1.2) unstable; urgency=low

  * Non-maintainer upload.
  * Fix DoS while processing large DNS replies with no IPv6 resolver present
    (CVE-2010-2951) (Closes: #599709)
-- Mahyuddin Susanto <email address hidden> Sun, 13 Feb 2011 00:43:10 +0700

Changed in squid3 (Ubuntu):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.