[pkg-squid-devel] 3.4 RC-type bug fixes
Amos Jeffries
squid3 at treenet.co.nz
Wed Jan 28 01:52:15 UTC 2015
The following patches fix issues that have not all been reported to
Debian yet, but are already fixed in the upstream 3.4 series. I believe they
are (or close to) RC level bugs in the current 3.4.8 package.

I will leave the final call on adding these and with what patch names to
you, Luigi, since you seem to have a patch numbering sequence I've not got
my head around.

Excessive CPU consumption (or crash) when contacting servers with many
IP addresses (>10 IPs in Debian package version):
<http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13199.patch>

Excessive memory and CPU consumption when performing NTLM or Negotiate
authentication, resulting in loss of service:
<http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13210.patch>

Nonce replay vulnerability in Digest authentication:
<http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13211.patch>

Incorrect security permissions for TOS/DiffServ packet marking:
<http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13213.patch>
(Squid does not have a specific vulnerability here, but will fail to
mark packets correctly for external firewall use, which may have nasty
side effects)

... and in the less important issues. This closes Debian #742425
<http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13203.patch>

Amos