diff -Nru /tmp/ddTdIdyhKQ/squid3-3.0.PRE5/debian/changelog /tmp/fvxhXbPhxS/squid3-3.0.PRE5/debian/changelog --- /tmp/ddTdIdyhKQ/squid3-3.0.PRE5/debian/changelog 2008-02-01 12:53:33.000000000 +0000 +++ /tmp/fvxhXbPhxS/squid3-3.0.PRE5/debian/changelog 2008-02-01 12:53:33.000000000 +0000 @@ -1,3 +1,12 @@ +squid3 (3.0.PRE5-5ubuntu1) feisty-security; urgency=low + + * SECURITY UPDATE: Clean up squid cache correctly. + * Add CVE-2007-6239.dpatch + * References: + CVE-2007-6239 + + -- Chuck Short Thu, 31 Jan 2008 20:49:58 +0000 + squid3 (3.0.PRE5-5) unstable; urgency=low * debian/control diff -Nru /tmp/ddTdIdyhKQ/squid3-3.0.PRE5/debian/patches/00list /tmp/fvxhXbPhxS/squid3-3.0.PRE5/debian/patches/00list --- /tmp/ddTdIdyhKQ/squid3-3.0.PRE5/debian/patches/00list 2008-02-01 12:53:33.000000000 +0000 +++ /tmp/fvxhXbPhxS/squid3-3.0.PRE5/debian/patches/00list 2008-02-01 12:53:33.000000000 +0000 @@ -1,3 +1,4 @@ 01-cf.data.debian 02-makefile-defaults 04-m68k-ftbfs +CVE-2007-6239 diff -Nru /tmp/ddTdIdyhKQ/squid3-3.0.PRE5/debian/patches/CVE-2007-6239.dpatch /tmp/fvxhXbPhxS/squid3-3.0.PRE5/debian/patches/CVE-2007-6239.dpatch --- /tmp/ddTdIdyhKQ/squid3-3.0.PRE5/debian/patches/CVE-2007-6239.dpatch 1970-01-01 00:00:00.000000000 +0000 +++ /tmp/fvxhXbPhxS/squid3-3.0.PRE5/debian/patches/CVE-2007-6239.dpatch 2008-02-01 12:53:33.000000000 +0000 @@ -0,0 +1,78 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +diff -Naur squid3-3.0.PRE5.orig/include/Array.h squid3-3.0.PRE5/include/Array.h +--- squid3-3.0.PRE5.orig/include/Array.h 2005-11-21 22:43:41.000000000 +0000 ++++ squid3-3.0.PRE5/include/Array.h 2008-01-31 20:41:36.000000000 +0000 +@@ -98,6 +98,7 @@ + E &back(); + E pop_back(); + E shift(); // aka pop_front ++ void prune(E); + void preAppend(int app_count); + bool empty() const; + size_t size() const; +@@ -243,6 +244,23 @@ + return items[size() - 1]; + } + ++template ++void ++Vector::prune(E item) ++{ ++ unsigned int n = 0; ++ for (unsigned int i = 0; i < count; i++) { ++ if (items[i] != item) { ++ if (i != n) ++ items[n] = items[i]; ++ n++; ++ } ++ } ++ ++ count = n; ++} ++ ++ + /* if you are going to append a known and large number of items, call this first */ + template + void +diff -Naur squid3-3.0.PRE5.orig/src/HttpHeader.cc squid3-3.0.PRE5/src/HttpHeader.cc +--- squid3-3.0.PRE5.orig/src/HttpHeader.cc 2006-10-02 09:52:06.000000000 +0000 ++++ squid3-3.0.PRE5/src/HttpHeader.cc 2008-01-31 20:46:07.000000000 +0000 +@@ -774,6 +774,14 @@ + delete e; + } + ++/* ++ * Compacts the header storage ++ */ ++void ++HttpHeader::compact() ++{ ++ entries.prune(NULL); ++} + + /* appends an entry; + * does not call e->clone() so one should not reuse "*e" +diff -Naur squid3-3.0.PRE5.orig/src/HttpHeader.h squid3-3.0.PRE5/src/HttpHeader.h +--- squid3-3.0.PRE5.orig/src/HttpHeader.h 2006-10-02 09:52:06.000000000 +0000 ++++ squid3-3.0.PRE5/src/HttpHeader.h 2008-01-31 20:46:30.000000000 +0000 +@@ -200,6 +200,7 @@ + void clean(); + void append(const HttpHeader * src); + void update (HttpHeader const *fresh, HttpHeaderMask const *denied_mask); ++ void compact(); + int reset(); + int parse(const char *header_start, const char *header_end); + void packInto(Packer * p) const; +diff -Naur squid3-3.0.PRE5.orig/src/HttpReply.cc squid3-3.0.PRE5/src/HttpReply.cc +--- squid3-3.0.PRE5.orig/src/HttpReply.cc 2006-10-31 23:30:56.000000000 +0000 ++++ squid3-3.0.PRE5/src/HttpReply.cc 2008-01-31 20:47:02.000000000 +0000 +@@ -325,6 +325,7 @@ + header.update(&freshRep->header, + (const HttpHeaderMask *) &Denied304HeadersMask); + ++ header.compact(); + /* init cache */ + hdrCacheInit(); + }