diff -u squid3-3.1.6/debian/changelog squid3-3.1.6/debian/changelog
--- squid3-3.1.6/debian/changelog
+++ squid3-3.1.6/debian/changelog
@@ -1,3 +1,13 @@
+squid3 (3.1.6-1.1ubuntu1.1) maverick-security; urgency=low
+
+ * SECURITY UPDATE: Fix DoS while processing large DNS replies with no
+ IPv6 resolver present. (LP: #718127)
+ - debian/patches/17-CVE-2010-2951.dpatch
+ - CVE-2010-2951
+ - http://bugs.squid-cache.org/show_bug.cgi?id=3009
+
+ -- Mahyuddin Susanto Sun, 13 Feb 2011 19:41:58 +0700
+
 squid3 (3.1.6-1.1ubuntu1) maverick; urgency=low * Merge with Debian unstable, Ubuntu remaining changes:
diff -u squid3-3.1.6/debian/patches/00list squid3-3.1.6/debian/patches/00list
--- squid3-3.1.6/debian/patches/00list
+++ squid3-3.1.6/debian/patches/00list
@@ -4,0 +5 @@
+17-CVE-2010-2951
only in patch2:
unchanged:
--- squid3-3.1.6.orig/debian/patches/17-CVE-2010-2951.dpatch
+++ squid3-3.1.6/debian/patches/17-CVE-2010-2951.dpatch
@@ -0,0 +1,34 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 17-CVE-2010-2951.dpatch by Stephen Thorne
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Bug 3021: Large DNS reply causes crash when no ipv6 resolver present
+
+@DPATCH@
+
+--- a/src/dns_internal.cc
++++ b/src/dns_internal.cc
+@@ -843,14 +843,16 @@
+
+ } while ( (x<0 && y<0) && q->nsends % nns != 0);
+
+- if (y >= 0) {
+- fd_bytes(DnsSocketB, y, FD_WRITE);
+- commSetSelect(DnsSocketB, COMM_SELECT_READ, idnsRead, NULL, 0);
+- }
++ if (!q->need_vc) {
++ if (y >= 0) {
++ fd_bytes(DnsSocketB, y, FD_WRITE);
++ commSetSelect(DnsSocketB, COMM_SELECT_READ, idnsRead, NULL, 0);
++ }
+
+- if (x >= 0) {
+- fd_bytes(DnsSocketA, x, FD_WRITE);
+- commSetSelect(DnsSocketA, COMM_SELECT_READ, idnsRead, NULL, 0);
++ if (x >= 0) {
++ fd_bytes(DnsSocketA, x, FD_WRITE);
++ commSetSelect(DnsSocketA, COMM_SELECT_READ, idnsRead, NULL, 0);
++ }
+ }
+
+ nameservers[ns].nqueries++;
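Review bot: The two upstream references recorded for this fix disagree: the changelog entry links `show_bug.cgi?id=3009`, while the `## DP:` line of 17-CVE-2010-2951.dpatch says `Bug 3021`, so anyone tracing CVE-2010-2951 back to the upstream report lands on two different bug ids. One of them should be corrected, or both listed if both are relevant, and the dpatch header would be the natural place to also record where the patch was taken from, which it currently does not state. In the patched `src/dns_internal.cc`, the new `if (!q->need_vc)` guard carries no comment explaining why the `fd_bytes`/`commSetSelect` bookkeeping on `DnsSocketA` and `DnsSocketB` is skipped; a one-line comment such as `/* need_vc set: skip write accounting and read registration on DnsSocketA/B */` would make the intent of the security fix reviewable. The send loop that assigns `x` and `y` starts above the hunk and is not visible here, so the exact wording should be checked against it.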