Last commit made on 2005-12-20
Get this branch:
git clone -b ubuntu/warty-security https://git.launchpad.net/ubuntu/+source/squid
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

845247c... by Martin Pitt on 2005-09-30

Import patches-unapplied version 2.5.5-6ubuntu0.11 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 6ee4ae76352c4b83aeff42f8ad1072c15fdf5b1c

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/38-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/36-ssl-connect-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/37-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/35-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/34-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error
  * SECURITY UPDATE: Fix remote Denial of Service.
  * Added debian/patches/33-putpost.dpatch: Protect from double free() when a
    PUT or POST connection is closed by the remote end.
  * References:
  * SECURITY UPDATE: Fix cookie information disclosure.
  * Added debian/patches/32-setcookie.dpatch (upstream patch, taken from
    Debian package): Fix race condition of Set-Cookie headers when using the
    old Netscape protocol.
  * References:
  * SECURITY UPDATE: fix remote Denial of Service
  * Added debian/patches/30-dns-assert.dpatch:
    - Do not abort with an assertion failure if a malicious DNS server
      responds with a malformed IP address.
    - References:
  * Added debian/patches/31-empty-acls.dpatch:
    - The meaning of the access controls becomes somewhat confusing if any of
      the referenced ACLs is declared empty, without any members.
    - References:
  * SECURITY UPDATE: fix several vulnerabilities
  * debian/patches/26-ldap-spaces.dpatch:
    - Ignore leading/trailing whitespace in login names when using LDAP
    - References:
  * debian/patches/27-http-header-parsing.dpatch:
    - Reject malformed HTTP requests and responses that conflict with the HTTP
      specifications. This avoids cache pollution.
    - References:
  * debian/patches/28-response-splitting.dpatch:
    - Strengthen Squid from HTTP response splitting cache pollution attack.
    - References:
  * debian/patches/29-wcpp-buffer-overflow.dpatch:
    - Fix buffer overflow in src/wccp.c triggered by overly long WCCP packets.
    - References:
  * SECURITY UPDATE: Fix several DoS vulnerabilities found by infamous41md.
    Fixes based on upstream supplied patches, but these changed lots of
    irrelevant stuff, so they were trimmed down.
  * debian/patches/22-gopher_html_parsing.dpatch:
    - Avoid buffer overflow if a malicious Gopher server sends a line bigger
      than 4096 characters.
    - References:
  * debian/patches/23-wccp-denial-of-service.dpatch:
    - Fix crash when receiving malformed WCCP packages with spoofed source
    - References:
  * debian/patches/24-fakeauth_auth-crash.dpatch:
    - Check for NULL return value of ntlmGetString() (which happens on
      malformed NTLM type 3 packages) before using the pointer.
    - References:
  * debian/patches/debian/patches/25-fakeauth_auth-memleak.dpatch:
    - Free cleartext buffer after using it to fix memory leak.
    - References:
  * rebuilt debian/patches/21-asn-negative-length.dpatch with the Warty
    version of dpatch; the Hoary version messed it up
  * SECURITY UPDATE to fix several DoS vulnerabilities.
  * debian/patches/20-ntlm-fetch-string.dpatch:
    - The ntlm_fetch_string and ntlm_get_string functions, with NTLM
      authentication enabled, allowed remote attackers to cause a denial of
      service (application crash) via an NTLMSSP packet that causes a negative
      value to be passed to memcpy.
    - Patch taken from Debian package version 2.5.6-8, also at
    - CAN-2004-0832
  * debian/patches/21-asn-negative-length.dpatch:
    - The asn_parse_header function (asn1.c) in the SNMP module allowed remote
      attackers to cause a denial of service (server restart with dropping
      all open connections) via certain SNMP packets with negative length
      fields that causes a memory allocation error.
    - Patch backported from stable release 2.5.7.
    - CAN-2004-0918

6ee4ae7... by Luigi Gangitano on 2004-06-18

Import patches-unapplied version 2.5.5-6 to ubuntu/warty

Imported using git-ubuntu import.