[pkg-squid-devel] 3.4 RC-type bug fixes

Luigi Gangitano gangitano at lugroma3.org
Wed Jan 28 09:35:41 UTC 2015


Hi Amos,

Thanks for the patch list. I would file a bug for each one, severity important, and then upload a new package fixing them, making life easier for the Release Team.

On the patch numbering sequence, I just try to keep the sequence ordered without re-using the same number, so that patch 71 is always applied after patches <= 70. I know this can be done in the 'series' file for quilt, but it still seems to me that a number in the patch filename is easier to understand.

Regards,

L

> On 28 Jan 2015, at 02:52, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> The following patches fix issues that have not all been reported to
> Debian yet, but are already fixed in the upstream 3.4 series. I believe they
> are (or are close to) RC-level bugs in the current 3.4.8 package.
> 
> I will leave the final call on adding these and with what patch names to
> you Luigi since you seem to have a patch numbering sequence I've not got
> my head around.
> 
> Excessive CPU consumption (or crash) when contacting servers with many
> IP addresses (>10 IPs in Debian package version):
> <http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13199.patch>
> 
> Excessive memory and CPU consumption when performing NTLM or Negotiate
> authentication, resulting in loss of service:
> <http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13210.patch>
> 
> Nonce replay vulnerability in Digest authentication:
> <http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13211.patch>
> 
> Incorrect security permissions for TOS/DiffServ packet marking:
> <http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13213.patch>
> (Squid does not have a specific vulnerability here, but will fail to
> mark packets correctly for external firewall use, which may have nasty
> side effects)
> 
> 
> 
> ... and in the less important issues. This closes Debian #742425
> <http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13203.patch>
> 
> Amos
> 

--
Luigi Gangitano -- <luigi at debian.org> -- <gangitano at lugroma3.org>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972  C24A F19B A618 924C 0C26
GPG: 4096R/2BA97CED: 8D48 5A35 FF1E 6EB7 90E5  0F6D 0284 F20C 2BA9 7CED



