2011-12-22 09:22:06 |
Mahyuddin Susanto |
bug |
|
|
added bug |
2011-12-22 09:22:15 |
Mahyuddin Susanto |
squid3 (Ubuntu): status |
New |
In Progress |
|
2011-12-22 09:22:19 |
Mahyuddin Susanto |
squid3 (Ubuntu): assignee |
|
Mahyuddin Susanto (udienz) |
|
2011-12-22 15:17:43 |
Mahyuddin Susanto |
security vulnerability |
no |
yes |
|
2011-12-22 15:18:02 |
Mahyuddin Susanto |
cve linked |
|
2011-3205 |
|
2011-12-22 15:18:29 |
Mahyuddin Susanto |
attachment added |
|
squid3-lucid.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643908/+files/squid3-lucid.debdiff |
|
2011-12-22 15:18:56 |
Mahyuddin Susanto |
attachment added |
|
squid3-maverick.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643909/+files/squid3-maverick.debdiff |
|
2011-12-22 15:19:15 |
Mahyuddin Susanto |
attachment added |
|
squid3-natty.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643910/+files/squid3-natty.debdiff |
|
2011-12-22 15:19:33 |
Mahyuddin Susanto |
attachment added |
|
squid3-oneiric.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643911/+files/squid3-oneiric.debdiff |
|
2011-12-22 15:19:47 |
Mahyuddin Susanto |
squid3 (Ubuntu): status |
In Progress |
New |
|
2011-12-22 15:19:49 |
Mahyuddin Susanto |
squid3 (Ubuntu): assignee |
Mahyuddin Susanto (udienz) |
|
|
2011-12-22 15:20:32 |
Mahyuddin Susanto |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2011-12-23 11:37:36 |
Robie Basak |
squid3 (Ubuntu): status |
New |
Triaged |
|
2011-12-23 11:37:39 |
Robie Basak |
squid3 (Ubuntu): importance |
Undecided |
High |
|
2012-01-04 11:42:04 |
Mahyuddin Susanto |
squid3 (Ubuntu): status |
Triaged |
New |
|
2012-01-04 11:48:29 |
Mahyuddin Susanto |
nominated for series |
|
Ubuntu Lucid |
|
2012-01-04 11:48:29 |
Mahyuddin Susanto |
bug task added |
|
squid3 (Ubuntu Lucid) |
|
2012-01-04 11:48:29 |
Mahyuddin Susanto |
nominated for series |
|
Ubuntu Maverick |
|
2012-01-04 11:48:29 |
Mahyuddin Susanto |
bug task added |
|
squid3 (Ubuntu Maverick) |
|
2012-01-04 11:48:29 |
Mahyuddin Susanto |
nominated for series |
|
Ubuntu Oneiric |
|
2012-01-04 11:48:29 |
Mahyuddin Susanto |
bug task added |
|
squid3 (Ubuntu Oneiric) |
|
2012-01-04 11:48:29 |
Mahyuddin Susanto |
nominated for series |
|
Ubuntu Natty |
|
2012-01-04 11:48:29 |
Mahyuddin Susanto |
bug task added |
|
squid3 (Ubuntu Natty) |
|
2012-01-04 11:49:14 |
Mahyuddin Susanto |
squid3 (Ubuntu): status |
New |
Fix Released |
|
2012-01-04 11:50:03 |
Mahyuddin Susanto |
description |
Description
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 3.2.0.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
CVE-2005-0094 regression.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205
https://bugzilla.redhat.com/show_bug.cgi?id=734583
Patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch |
Description
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 3.2.0.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
CVE-2005-0094 regression.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205
https://bugzilla.redhat.com/show_bug.cgi?id=734583
Patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch
Fixed in Version: Squid 3.0.STABLE26, 3.1.15, 3.2.0.11 |
|
2012-01-16 14:33:43 |
Marc Deslauriers |
squid3 (Ubuntu Maverick): status |
New |
Fix Committed |
|
2012-01-16 14:33:47 |
Marc Deslauriers |
squid3 (Ubuntu Oneiric): status |
New |
Fix Committed |
|
2012-01-16 14:33:51 |
Marc Deslauriers |
squid3 (Ubuntu Natty): status |
New |
Fix Committed |
|
2012-01-17 16:15:03 |
Marc Deslauriers |
squid3 (Ubuntu Maverick): status |
Fix Committed |
Fix Released |
|
2012-01-17 16:15:06 |
Marc Deslauriers |
squid3 (Ubuntu Natty): status |
Fix Committed |
Fix Released |
|
2012-01-17 16:15:08 |
Marc Deslauriers |
squid3 (Ubuntu Oneiric): status |
Fix Committed |
Fix Released |
|
2012-01-17 16:15:13 |
Marc Deslauriers |
squid3 (Ubuntu Lucid): status |
New |
Incomplete |
|
2012-01-18 05:57:31 |
Mahyuddin Susanto |
attachment removed |
squid3-lucid.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2643908/+files/squid3-lucid.debdiff |
|
|
2012-01-18 06:15:22 |
Mahyuddin Susanto |
attachment added |
|
squid3_3.0.STABLE19-1ubuntu0.2.dsc.debdiff https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+attachment/2680245/+files/squid3_3.0.STABLE19-1ubuntu0.2.dsc.debdiff |
|
2012-01-18 06:15:32 |
Mahyuddin Susanto |
squid3 (Ubuntu Lucid): status |
Incomplete |
New |
|
2012-01-19 13:56:11 |
Marc Deslauriers |
squid3 (Ubuntu Lucid): status |
New |
Fix Committed |
|
2012-01-23 16:04:03 |
Launchpad Janitor |
squid3 (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2012-01-23 16:04:03 |
Launchpad Janitor |
cve linked |
|
2010-0308 |
|
2012-01-23 16:04:03 |
Launchpad Janitor |
cve linked |
|
2010-0639 |
|
2012-01-23 16:13:41 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-security/squid3 |
|