enterprise-support team mailing list archive

Thread
Date

[Bug 907687] Re: CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <907687@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Jan 2012 16:04:03 -0000
Reply-to: Bug 907687 <907687@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package squid3 - 3.0.STABLE19-1ubuntu0.2

---------------
squid3 (3.0.STABLE19-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: Fix DoS (assertion failure) via a crafted DNS packet
    that only contains header. (LP: #907686)
    - debian/patches/CVE-2010-0308.dpatch: patch derived from upstream.
    - CVE-2010-0308
  * SECURITY UDPATE: Fix DoS (NULL pointer dereference and daemon crash) via
    crafted packets to the HTCP port. (LP: #907690)
    - debian/patches/CVE-2010-0639.dpatch: patch derived from upstream.
    - CVE-2010-0639
  * SECURITY UPDATE: Fix DoS (memory corruption and daemon restart) or possibly
    have unspecified other impact via a long line in a response by remote
    Gopher servers. (LP: #907687)
    - debian/patches/CVE-2011-3205.dpatch: patch derived from upstream.
    - CVE-2011-3205
 -- Mahyuddin Susanto <udienz@xxxxxxxxxx>   Wed, 18 Jan 2012 12:46:59 +0700

** Changed in: squid3 (Ubuntu Lucid)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0308

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid3 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/907687

Title:
  CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via
  crafted packets to the HTCP port

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907687/+subscriptions