Date:      1 Feb 2005 15:53:43 -0000
From:      Thomas-Martin Seck <tmseck@netcologne.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        security-team@FreeBSD.org
Subject:   ports/76967: [Maintainer/security] integrate vendor patch regarding oversized HTTP reply headers
Message-ID:  <20050201155343.3326.qmail@laurel.tmseck.homedns.org>
Resent-Message-ID: <200502011600.j11G0XqL086649@freefall.freebsd.org>


>Number:         76967
>Category:       ports
>Synopsis:       [Maintainer/security] integrate vendor patch regarding oversized HTTP reply headers
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 01 16:00:33 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Thomas-Martin Seck
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of Feb 01, 2005.

	
>Description:
Integrate the following vendor patch as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- Address HTTP protocol mismatch related to oversized reply headers and
  enhance cache.log on reply header parsing failures (squid bug #1216)

This bug is classified as a security issue by the vendor; further details
about the impact of the vulnerability are not known to the maintainer.

Proposed VuXML data, entry date left to be filled in:

  <vuln vid="bfda39de-7467-11d9-9e1e-c296ac722cb3">
    <topic>squid -- correct handling of oversized HTTP reply headers</topic>
    <affects>
      <package>
	<name>squid</name>
	<range><lt>2.5.7_12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The squid patches page notes:</p>
	<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch">
	  <p>This patch addresses a HTTP protocol mismatch related to oversized
	    reply headers. In addition it enhances the cache.log reporting on
	    reply header parsing failures to make it easier to track down which
	    sites are malfunctioning.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1216</url>
      <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch</url>
    </references>
    <dates>
      <discovery>2005-01-31</discovery>
      <entry></entry>
    </dates>
  </vuln>
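One way to exercise the proposed entry, as an added example that is not part of this PR and not the VuXML or portaudit tooling itself: a small Python script that parses the entry and decides whether a given installed package version falls inside the <lt> range. The version comparison is a deliberately simplified reading of FreeBSD's "version[_revision][,epoch]" package version format (an assumption; the full pkg_version(1) rules for suffixes like "pl" are not reproduced), and the embedded entry is a constructed copy of the one above with the mail archive's stray ';' characters removed and the description body shortened.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input: the VuXML entry proposed in this PR, with the
# archive's stray ';' characters removed so it parses as XML, and the
# description body shortened.
VUXML_ENTRY = """<vuln vid="bfda39de-7467-11d9-9e1e-c296ac722cb3">
  <topic>squid -- correct handling of oversized HTTP reply headers</topic>
  <affects>
    <package>
      <name>squid</name>
      <range><lt>2.5.7_12</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>The squid patches page notes:</p>
    </body>
  </description>
  <references>
    <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1216</url>
  </references>
  <dates>
    <discovery>2005-01-31</discovery>
    <entry></entry>
  </dates>
</vuln>
"""


def parse_pkg_version(v):
    """Split a FreeBSD package version "version[_revision][,epoch]" into a
    comparable tuple (epoch, components, revision).

    Simplified (assumption): numeric and alphabetic runs inside each
    dot-separated piece are compared as integers / strings; pkg_version(1)
    has further rules (e.g. 'pl', '+') that are not reproduced here."""
    epoch = 0
    if "," in v:
        v, e = v.split(",", 1)
        epoch = int(e)
    revision = 0
    if "_" in v:
        v, r = v.split("_", 1)
        revision = int(r)
    comps = []
    for piece in v.split("."):
        for tok in re.findall(r"\d+|[A-Za-z]+", piece):
            # numbers compare as integers and sort before letter runs
            comps.append((0, int(tok)) if tok.isdigit() else (1, tok))
    return (epoch, comps, revision)


def version_lt(a, b):
    """True if package version a sorts strictly before b."""
    return parse_pkg_version(a) < parse_pkg_version(b)


# VuXML range operators; every child of a <range> must hold for a match.
RANGE_OPS = {
    "lt": lambda v, bound: version_lt(v, bound),
    "le": lambda v, bound: not version_lt(bound, v),
    "gt": lambda v, bound: version_lt(bound, v),
    "ge": lambda v, bound: not version_lt(v, bound),
    "eq": lambda v, bound: parse_pkg_version(v) == parse_pkg_version(bound),
}


def is_affected(vuxml_xml, pkg_name, pkg_version):
    """Return True if pkg_name at pkg_version falls inside any <range> of a
    <package> element in the entry that lists that package name."""
    root = ET.fromstring(vuxml_xml)
    for package in root.iter("package"):
        if pkg_name not in [n.text for n in package.findall("name")]:
            continue
        for rng in package.findall("range"):
            # an empty <range/> is treated as no bound, i.e. never a match
            if len(rng) and all(RANGE_OPS[c.tag](pkg_version, c.text) for c in rng):
                return True
    return False


if __name__ == "__main__":
    for ver in ("2.5.7_11", "2.5.7_12", "2.5.7_12,1"):
        status = "affected" if is_affected(VUXML_ENTRY, "squid", ver) else "fixed"
        print(ver, status)
```

Run stand-alone it reports 2.5.7_11 as affected and 2.5.7_12 as fixed, which is the boundary the PORTREVISION bump in the patch below is meant to establish; an epoch-bearing version such as 2.5.7_12,1 is also outside the range because the epoch is compared first.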

	
>How-To-Repeat:
	
>Fix:
Apply this patch:

Index: distinfo
===================================================================
--- distinfo	(revision 376)
+++ distinfo	(revision 378)
@@ -46,3 +46,5 @@
 SIZE (squid2.5/squid-2.5.STABLE7-response_splitting.patch) = 10427
 MD5 (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 01b1a4a23f170723d7e2bc3846e12c73
 SIZE (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 505
+MD5 (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 729c626f76637546b5ded70da6e0ee20
+SIZE (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 3056
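Review bot: the two added checksum lines name squid-2.5.STABLE7-oversize_reply_headers.patch, which matches the filename added to the patch list in the Makefile hunk below; make sure the MD5 and SIZE values were regenerated with `make makesum` against the fetched file rather than typed in by hand, since a mismatch would cause the fetch to fail on every build, while a wrongly copied but self-consistent pair would silently accept a different file than the vendor published.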
Index: Makefile
===================================================================
--- Makefile	(revision 376)
+++ Makefile	(revision 378)
@@ -74,7 +74,7 @@
 
 PORTNAME=	squid
 PORTVERSION=	2.5.7
-PORTREVISION=	11
+PORTREVISION=	12
 CATEGORIES=	www
 MASTER_SITES=	\
 		ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
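Review bot: the PORTREVISION bump from 11 to 12 is consistent with the `<range><lt>2.5.7_12</lt></range>` bound in the proposed VuXML entry, so 2.5.7_11 and earlier will be flagged as vulnerable and 2.5.7_12 as fixed; if the revision is bumped again before this is committed, the VuXML range must be updated in step or the fixed package will still be reported as affected.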
@@ -109,7 +109,8 @@
 		squid-2.5.STABLE7-ftp_datachannel.patch \
 		squid-2.5.STABLE7-short_icons_urls.patch \
 		squid-2.5.STABLE7-response_splitting.patch \
-		squid-2.5.STABLE7-wccp_buffer_overflow.patch
+		squid-2.5.STABLE7-wccp_buffer_overflow.patch \
+		squid-2.5.STABLE7-oversize_reply_headers.patch
 PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	tmseck@netcologne.de
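Review bot: the continuation backslash is correctly added to the wccp_buffer_overflow line, so the list is not truncated; since the single `PATCH_DIST_STRIP=	-p1` applies to every file in the list, confirm the new vendor patch uses the same one-level path prefix as the existing vendor patches, otherwise it will fail at patch time even though the fetch and checksum succeed.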
	


>Release-Note:
>Audit-Trail:
>Unformatted:


