enterprise-support team mailing list archive
Message #07862
[Bug 1835831] Re: FTBFS: gcc9 stringop-truncation and others
This bug was fixed in the package squid - 4.6-2ubuntu4
---------------
squid (4.6-2ubuntu4) eoan; urgency=medium

  * Fix gcc-9 issues (LP: #1835831)
    - Remove -Wno-sizeof-pointer-memaccess -Wno-stringop-truncation
    - debian/patches/more-gcc-9-fixes.patch: switch to xstrncpy in
      lib/smblib/smblib-util.c.
  * SECURITY UPDATE: incorrect digest auth parameter parsing
    - debian/patches/CVE-2019-12525.patch: check length in
      src/auth/digest/Config.cc.
    - CVE-2019-12525
  * SECURITY UPDATE: buffer overflow in basic auth decoding
    - debian/patches/CVE-2019-12527.patch: switch to SBuf in
      src/HttpHeader.cc, src/HttpHeader.h, src/cache_manager.cc,
      src/clients/FtpGateway.cc.
    - CVE-2019-12527
  * SECURITY UPDATE: basic auth uudecode length issue
    - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
      base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc,
      include/uudecode.h, lib/uudecode.c.
    - CVE-2019-12529
  * SECURITY UPDATE: XSS issues in cachemgr.cgi
    - debian/patches/CVE-2019-13345.patch: properly escape values in
      tools/cachemgr.cc.
    - CVE-2019-13345

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Fri, 19 Jul 2019 08:01:58 -0400

** Changed in: squid (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12525
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12527
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12529
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13345
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1835831
Title:
FTBFS: gcc9 stringop-truncation and others
To manage notifications about this bug go to:
https://bugs.launchpad.net/squid/+bug/1835831/+subscriptions