
Re: [SECURITY] [DSA-1646-1] New squid packages fix array bounds check



On Tuesday 07 October 2008, Devin Carraway wrote:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-1646-1                  security@debian.org
> http://www.debian.org/security/                           Devin Carraway
> October 07, 2008                      http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package        : squid
> Vulnerability  : array bounds check
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2008-1612
>
> A weakness has been discovered in squid, a caching proxy server.  The
> flaw was introduced upstream in response to CVE-2007-6239, and
> announced by Debian in DSA-1482-1.  The flaw involves an
> over-aggressive bounds check on an array resize, and could be
> exploited by an authorized client to induce a denial of service
> condition against squid.

It seems that in 2.6.5-6etch2 sources 59-dos-cache-update-2 is missing from 
debian/patches/00list and thus does not get applied when building the 
package. Is this on purpose?

Amon Ott
-- 
Amon Ott - m-privacy GmbH
Am Köllnischen Park 1, 10179 Berlin
Tel: +49 30 24342334
Fax: +49 30 24342336
Web: http://www.m-privacy.de
Commercial register:
 Amtsgericht Charlottenburg HRB 84946
Managing directors:
 Dipl.-Kfm. Holger Maczkowsky,
 Roman Maczkowsky
GnuPG-Key-ID: EA898571
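
The situation raised in this message, a patch file shipped in debian/patches but not named in 00list, can be checked mechanically before a build. The following is an added example, not part of the original message or of the Debian package; it assumes the dpatch layout (files ending in `.dpatch`, one name per line in 00list with the suffix optional, `#` starting a comment), and the function names and every sample file name except 59-dos-cache-update-2 are constructed.

```shell
#!/bin/sh
# Report dpatch files that exist in a patches directory but are not named
# in its 00list, i.e. patches that ship in the source yet are never applied.
# Assumed format: one patch name per line, ".dpatch" suffix optional,
# "#" starts a comment (a cpp-processed 00list is not handled here).
unlisted_patches() {
    dir=$1
    list="$dir/00list"
    [ -f "$list" ] || { echo "no 00list in $dir" >&2; return 2; }
    # Normalise 00list: drop comments, trim blanks, strip the optional suffix.
    listed=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                 -e 's/\.dpatch$//' -e '/^$/d' "$list")
    missing=0
    for f in "$dir"/*.dpatch; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=$(basename "$f" .dpatch)
        # -F literal, -x whole line: "59-x" must not match "59-x-2".
        if ! printf '%s\n' "$listed" | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
            missing=1
        fi
    done
    return $missing                      # 1 if anything is unlisted
}

# Constructed sample tree: three patch files, only two named in 00list.
make_sample() {
    d=$(mktemp -d)
    : > "$d/01-example-a.dpatch"
    : > "$d/02-example-b.dpatch"
    : > "$d/59-dos-cache-update-2.dpatch"
    printf '%s\n' '# constructed 00list' '01-example-a' \
        '02-example-b.dpatch   # suffix form' > "$d/00list"
    printf '%s\n' "$d"
}

# Usage: sh check-00list.sh debian/patches
[ $# -eq 0 ] || unlisted_patches "$1"
```

A non-zero exit status makes the check usable as a gate in a package build or review script.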

