Bug#560779: marked as done (polipo: DoS via overly large "Content-Length" header)
Your message dated Fri, 19 Feb 2010 19:55:35 +0000
with message-id <E1NiYwp-0000nO-TK@ries.debian.org>
and subject line Bug#560779: fixed in polipo 1.0.4-1+lenny1
has caused the Debian Bug report #560779,
regarding polipo: DoS via overly large "Content-Length" header
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
560779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560779
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: polipo: DoS via overly large "Content-Length" header
- From: Raphael Geissert <geissert@debian.org>
- Date: Sat, 12 Dec 2009 00:45:58 -0600
- Message-id: <200912120045.59792.geissert@debian.org>
Package: polipo
Version: 0.9.12-1
Severity: grave
Tags: security
Hi,
A vulnerability has been found in polipo that allows a remote attacker to
crash the daemon via an overly large "Content-Length" header.
The vulnerability is caused by connection->reqlen (in client.c:
httpClientDiscardBody()) being a signed integer which can be overflowed
turning it into a negative value which later leads to a segmentation fault in
the call to memmove.
If you fix this vulnerability please include the CVE id in your changelog
entry, when one is assigned. Please work with the security team to fix this
vulnerability in the stable and oldstable releases.
For further information see:
http://www.exploit-db.com/exploits/10338
http://secunia.com/advisories/37607/
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
- To: 560779-close@bugs.debian.org
- Subject: Bug#560779: fixed in polipo 1.0.4-1+lenny1
- From: Stefan Fritsch <sf@debian.org>
- Date: Fri, 19 Feb 2010 19:55:35 +0000
- Message-id: <E1NiYwp-0000nO-TK@ries.debian.org>
Source: polipo
Source-Version: 1.0.4-1+lenny1
We believe that the bug you reported is fixed in the latest version of
polipo, which is due to be installed in the Debian FTP archive:
polipo_1.0.4-1+lenny1.diff.gz
to main/p/polipo/polipo_1.0.4-1+lenny1.diff.gz
polipo_1.0.4-1+lenny1.dsc
to main/p/polipo/polipo_1.0.4-1+lenny1.dsc
polipo_1.0.4-1+lenny1_i386.deb
to main/p/polipo/polipo_1.0.4-1+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 560779@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated polipo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 17 Feb 2010 20:31:37 +0100
Source: polipo
Binary: polipo
Architecture: source i386
Version: 1.0.4-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Denis V. Sirotkin <fechiny@gmail.com>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
polipo - a small, caching web proxy
Closes: 547047 560779
Changes:
polipo (1.0.4-1+lenny1) stable-security; urgency=high
.
[ Stefan Fritsch ]
* Non-maintainer upload by the Security Team.
* Backport various security related bug fixes from upstream git.
* Fix segfault when server sends Cache-Control: max-age without a value
(closes: #547047, CVE-2009-3305).
.
[ Andreas Kirschbaum ]
* Apply upstream commit to fix DoS via overly large "Content-Length"
header; fixes CVE-2009-4413 (closes: #560779)
Checksums-Sha1:
485ac6e4844c157bd4e0ebd56302aa82e694dec6 1042 polipo_1.0.4-1+lenny1.dsc
ba562906d125a6bf72dc36c2d078147d40cf8722 180487 polipo_1.0.4.orig.tar.gz
1808bdf4f47219863d7de6894af2fbab98f93500 13430 polipo_1.0.4-1+lenny1.diff.gz
f253afca3c423bd3b0789db7655f9db6c7662f80 191848 polipo_1.0.4-1+lenny1_i386.deb
Checksums-Sha256:
90a376437eb8e4ccde04e6cb7dc541037c69cf7fdb7a94b236456e853be96e93 1042 polipo_1.0.4-1+lenny1.dsc
f6458a3ab2548280d4f5596f8d5ae60c61ddf7147ee0b3bb2d67b96da49c0436 180487 polipo_1.0.4.orig.tar.gz
b4eaf56b26226f0681df3473271eb5110e4fff6acca549a5160f04e05a9aa8e8 13430 polipo_1.0.4-1+lenny1.diff.gz
9f8c0507255e42052aee2604ee8aeb7fc475f5bc1a83444046cf427722a5bd24 191848 polipo_1.0.4-1+lenny1_i386.deb
Files:
4bb50ed5472fcd6b264cb89816586bbe 1042 web optional polipo_1.0.4-1+lenny1.dsc
defdce7f8002ca68705b6c2c36c4d096 180487 web optional polipo_1.0.4.orig.tar.gz
4cc90f3327e4018c56b4e140cbcb2f46 13430 web optional polipo_1.0.4-1+lenny1.diff.gz
33af29a3f9e091dd6437fc3f3bfccab9 191848 web optional polipo_1.0.4-1+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD4DBQFLfE0tbxelr8HyTqQRAmmRAJ47Hx4C3QUud/up/BzZhk8sVS4ajgCY46fY
eeuA08NSfFby46IUIzFbbQ==
=6XhM
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: