ports/76967: [Maintainer/security] integrate vendor patch regarding oversized HTTP reply headers
Thomas-Martin Seck
tmseck at netcologne.de
Tue Feb 1 16:00:34 UTC 2005
>Number: 76967
>Category: ports
>Synopsis: [Maintainer/security] integrate vendor patch regarding oversized HTTP reply headers
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 01 16:00:33 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.11-STABLE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of Feb 01, 2005.
>Description:
Integrate the following vendor patch as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
- Address HTTP protocol mismatch related to oversized reply headers and
enhance cache.log on reply header parsing failures (squid bug #1216)
The vendor classifies this bug as a security issue; further details about
the impact of the vulnerability are not known to the maintainer.
Proposed VuXML data, entry date left to be filled in:
<vuln vid="bfda39de-7467-11d9-9e1e-c296ac722cb3">
  <topic>squid -- correct handling of oversized HTTP reply headers</topic>
  <affects>
    <package>
      <name>squid</name>
      <range><lt>2.5.7_12</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>The squid patches page notes:</p>
      <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch">
        <p>This patch addresses a HTTP protocol mismatch related to oversized
        reply headers. In addition it enhances the cache.log reporting on
        reply header parsing failures to make it easier to track down which
        sites are malfunctioning.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1216</url>
    <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch</url>
  </references>
  <dates>
    <discovery>2005-01-31</discovery>
    <entry></entry>
  </dates>
</vuln>
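The `<range><lt>2.5.7_12</lt></range>` bound above is what a VuXML consumer (portaudit, later pkg audit) evaluates against the installed package version. The following is an added example, not part of this PR and not the FreeBSD tooling's own code: it loads the proposed `<vuln>` fragment (trimmed to the elements the check needs), implements a simplified comparison for the `VERSION[_REVISION][,EPOCH]` package version syntax (an assumption: it handles numeric dotted versions only and does not reproduce the full pkg_version(1) rules for letters or patch levels), and reports whether a given squid version falls inside the affected range, so that 2.5.7_11 is flagged while the fixed 2.5.7_12 is not.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the <vuln> entry proposed in the PR, reduced to the
# elements the range check uses (topic, affects, references).
VUXML_FRAGMENT = """<vuln vid="bfda39de-7467-11d9-9e1e-c296ac722cb3">
  <topic>squid -- correct handling of oversized HTTP reply headers</topic>
  <affects>
    <package>
      <name>squid</name>
      <range><lt>2.5.7_12</lt></range>
    </package>
  </affects>
  <references>
    <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1216</url>
  </references>
</vuln>"""


def parse_pkg_version(ver):
    """Split 'VERSION[_REVISION][,EPOCH]' into (epoch, version tuple, revision).

    Simplified comparator (assumption): only numeric dotted versions are
    accepted, so 2.5.7_12 works but e.g. 2.5.7a or 2.5.7pl1 is rejected."""
    m = re.fullmatch(r"([0-9]+(?:\.[0-9]+)*)(?:_([0-9]+))?(?:,([0-9]+))?", ver)
    if not m:
        raise ValueError("unsupported version syntax: %r" % ver)
    nums = tuple(int(x) for x in m.group(1).split("."))
    revision = int(m.group(2) or 0)
    epoch = int(m.group(3) or 0)
    # Epoch dominates, then the dotted version, then PORTREVISION.
    return (epoch, nums, revision)


def version_lt(a, b):
    """True if package version a sorts before package version b."""
    return parse_pkg_version(a) < parse_pkg_version(b)


# VuXML range operators, each applied as op(installed_version, bound).
RANGE_OPS = {
    "lt": lambda v, b: version_lt(v, b),
    "le": lambda v, b: not version_lt(b, v),
    "gt": lambda v, b: version_lt(b, v),
    "ge": lambda v, b: not version_lt(v, b),
    "eq": lambda v, b: parse_pkg_version(v) == parse_pkg_version(b),
}


def load_ranges(fragment):
    """Map each affected package name to its list of ranges.

    A range is a list of (operator, bound) pairs that must all hold."""
    root = ET.fromstring(fragment)
    result = {}
    for pkg in root.iter("package"):
        names = [n.text.strip() for n in pkg.findall("name")]
        ranges = []
        for rng in pkg.findall("range"):
            ranges.append([(bound.tag, bound.text.strip()) for bound in rng])
        for name in names:
            result.setdefault(name, []).extend(ranges)
    return result


def is_affected(fragment, pkgname, version):
    """True if pkgname-version lies inside any affected range of the entry."""
    for bounds in load_ranges(fragment).get(pkgname, []):
        if all(RANGE_OPS[op](version, bound) for op, bound in bounds):
            return True
    return False


if __name__ == "__main__":
    for v in ("2.5.7_11", "2.5.7_12", "2.5.8"):
        print("squid-%s affected: %s" % (v, is_affected(VUXML_FRAGMENT, "squid", v)))
```

The check mirrors the PR's own consistency requirement: the VuXML upper bound must equal the first PORTVERSION_PORTREVISION that carries the vendor patch, so a bump to PORTREVISION 12 in the Makefile and a `<lt>2.5.7_12</lt>` bound belong together.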
>How-To-Repeat:
>Fix:
Apply this patch:
Index: distinfo
===================================================================
--- distinfo (revision 376)
+++ distinfo (revision 378)
@@ -46,3 +46,5 @@
SIZE (squid2.5/squid-2.5.STABLE7-response_splitting.patch) = 10427
MD5 (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 01b1a4a23f170723d7e2bc3846e12c73
SIZE (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 505
+MD5 (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 729c626f76637546b5ded70da6e0ee20
+SIZE (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 3056
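Review bot: the new MD5 and SIZE values cannot be validated from the diff alone, so before committing, let the port fetch the file and run `make checksum` (or regenerate the entry with `make makesum`) and confirm the recorded `729c626f76637546b5ded70da6e0ee20` / `3056` match the patch actually served from the Squid bugs page; a mistyped value here makes every build of the port fail at fetch time.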
Index: Makefile
===================================================================
--- Makefile (revision 376)
+++ Makefile (revision 378)
@@ -74,7 +74,7 @@
PORTNAME= squid
PORTVERSION= 2.5.7
-PORTREVISION= 11
+PORTREVISION= 12
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
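Review bot: the header `@@ -74,7 +74,7 @@` announces seven old lines, but only six appear (PORTNAME through the `ftp://ftp.squid-cache.org/...` MASTER_SITES line), so patch(1) will reject this hunk as pasted; a blank or whitespace-only context line was most likely dropped in the mail, and the diff should be regenerated or attached as a file before it is applied. The PORTREVISION bump 11 -> 12 itself is right and matches the `<lt>2.5.7_12</lt>` bound in the proposed VuXML entry.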
@@ -109,7 +109,8 @@
squid-2.5.STABLE7-ftp_datachannel.patch \
squid-2.5.STABLE7-short_icons_urls.patch \
squid-2.5.STABLE7-response_splitting.patch \
- squid-2.5.STABLE7-wccp_buffer_overflow.patch
+ squid-2.5.STABLE7-wccp_buffer_overflow.patch \
+ squid-2.5.STABLE7-oversize_reply_headers.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck at netcologne.de
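Review bot: the same line-count mismatch applies here (`@@ -109,7 +109,8 @@` but only six old lines shown), so this hunk needs regenerating as well. On the content, PATCHFILES are applied in listed order with `PATCH_DIST_STRIP= -p1`, and the new `squid-2.5.STABLE7-oversize_reply_headers.patch` is appended after `response_splitting`, which also concerns HTTP reply handling; run `make patch` with the full list to confirm the vendor patch applies without fuzz or rejects on top of the earlier ones.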
>Release-Note:
>Audit-Trail:
>Unformatted: