[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#560779: marked as done (polipo: DoS via overly large "Content-Length" header)

Your message dated Fri, 19 Feb 2010 19:55:35 +0000
with message-id <E1NiYwp-0000nO-TK@ries.debian.org>
and subject line Bug#560779: fixed in polipo 1.0.4-1+lenny1
has caused the Debian Bug report #560779,
regarding polipo: DoS via overly large "Content-Length" header
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

560779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560779
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: polipo
Version: 0.9.12-1
Severity: grave
Tags: security


A vulnerability has been found in polipo that allows a remote attacker to 
crash the daemon via an overly large "Content-Length" header.
The vulnerability is caused by connection->reqlen (in client.c: 
httpClientDiscardBody()) being a signed integer which can be overflowed 
turning it into a negative value which later leads to a segmentation fault in 
the call to memmove.

If you fix this vulnerability please include the CVE id in your changelog 
entry, when one is assigned. Please work with the security team to fix this 
vulnerability in the stable and oldstable releases.

For further information see:

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

--- End Message ---
--- Begin Message ---
Source: polipo
Source-Version: 1.0.4-1+lenny1

We believe that the bug you reported is fixed in the latest version of
polipo, which is due to be installed in the Debian FTP archive:

  to main/p/polipo/polipo_1.0.4-1+lenny1.diff.gz
  to main/p/polipo/polipo_1.0.4-1+lenny1.dsc
  to main/p/polipo/polipo_1.0.4-1+lenny1_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 560779@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Stefan Fritsch <sf@debian.org> (supplier of updated polipo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Wed, 17 Feb 2010 20:31:37 +0100
Source: polipo
Binary: polipo
Architecture: source i386
Version: 1.0.4-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Denis V. Sirotkin <fechiny@gmail.com>
Changed-By: Stefan Fritsch <sf@debian.org>
 polipo     - a small, caching web proxy
Closes: 547047 560779
 polipo (1.0.4-1+lenny1) stable-security; urgency=high
   [ Stefan Fritsch ]
   * Non-maintainer upload by the Security Team.
   * Backport various security related bug fixes from upstream git.
   * Fix segfault when server sends Cache-Control: max-age without a value
     (closes: #547047, CVE-2009-3305).
   [ Andreas Kirschbaum ]
   * Apply upstream commit to fix DoS via overly large "Content-Length"
     header; fixes CVE-2009-4413 (closes: #560779)
 485ac6e4844c157bd4e0ebd56302aa82e694dec6 1042 polipo_1.0.4-1+lenny1.dsc
 ba562906d125a6bf72dc36c2d078147d40cf8722 180487 polipo_1.0.4.orig.tar.gz
 1808bdf4f47219863d7de6894af2fbab98f93500 13430 polipo_1.0.4-1+lenny1.diff.gz
 f253afca3c423bd3b0789db7655f9db6c7662f80 191848 polipo_1.0.4-1+lenny1_i386.deb
 90a376437eb8e4ccde04e6cb7dc541037c69cf7fdb7a94b236456e853be96e93 1042 polipo_1.0.4-1+lenny1.dsc
 f6458a3ab2548280d4f5596f8d5ae60c61ddf7147ee0b3bb2d67b96da49c0436 180487 polipo_1.0.4.orig.tar.gz
 b4eaf56b26226f0681df3473271eb5110e4fff6acca549a5160f04e05a9aa8e8 13430 polipo_1.0.4-1+lenny1.diff.gz
 9f8c0507255e42052aee2604ee8aeb7fc475f5bc1a83444046cf427722a5bd24 191848 polipo_1.0.4-1+lenny1_i386.deb
 4bb50ed5472fcd6b264cb89816586bbe 1042 web optional polipo_1.0.4-1+lenny1.dsc
 defdce7f8002ca68705b6c2c36c4d096 180487 web optional polipo_1.0.4.orig.tar.gz
 4cc90f3327e4018c56b4e140cbcb2f46 13430 web optional polipo_1.0.4-1+lenny1.diff.gz
 33af29a3f9e091dd6437fc3f3bfccab9 191848 web optional polipo_1.0.4-1+lenny1_i386.deb

Version: GnuPG v1.4.10 (GNU/Linux)


--- End Message ---

Reply to: