Skip to content
Snippets Groups Projects
Commit 47f255a9 authored by Abhijith PA's avatar Abhijith PA
Browse files

squid3 patches

parent ef99089e
Branches
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 50 additions and 0 deletions
squid3_deb8u6.debdiff 0 → 100644
+ 50
0
View file @ 47f255a9
diff -Nru squid3-3.4.8/debian/changelog squid3-3.4.8/debian/changelog
--- squid3-3.4.8/debian/changelog 2018-02-18 17:20:03.000000000 +0100
+++ squid3-3.4.8/debian/changelog 2018-11-14 18:04:01.000000000 +0100
@@ -1,3 +1,11 @@
+squid3 (3.4.8-6+deb8u6) jessie-security; urgency=medium
+
+ * Non-maintainer upload by the Debian LTS Team.
+ * Fix CVE-2018-19132: denial of service via an SNMP packet
+ (Closes: #912294)
+
+ -- Abhijith PA <abhijith@disroot.org> Wed, 14 Nov 2018 22:34:01 +0530
+
squid3 (3.4.8-6+deb8u5) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru squid3-3.4.8/debian/patches/CVE-2018-19132.patch squid3-3.4.8/debian/patches/CVE-2018-19132.patch
--- squid3-3.4.8/debian/patches/CVE-2018-19132.patch 1970-01-01 01:00:00.000000000 +0100
+++ squid3-3.4.8/debian/patches/CVE-2018-19132.patch 2018-11-14 18:04:01.000000000 +0100
@@ -0,0 +1,22 @@
+commit bc9786119f058a76ddf0625424bc33d36460b9a2 (refs/remotes/origin/v3.5)
+Author: flozilla <fishyflow@gmail.com>
+Date: 2018-10-24 14:12:01 +0200
+
+ Fix memory leak when parsing SNMP packet (#313)
+
+ SNMP queries denied by snmp_access rules and queries with certain
+ unsupported SNMPv2 commands were leaking a few hundred bytes each. Such
+ queries trigger "SNMP agent query DENIED from..." WARNINGs in cache.log.
+
+Index: squid3-3.4.8/src/snmp_core.cc
+===================================================================
+--- squid3-3.4.8.orig/src/snmp_core.cc
++++ squid3-3.4.8/src/snmp_core.cc
+@@ -430,6 +430,7 @@ snmpDecodePacket(SnmpRequest * rq)
+ snmpConstructReponse(rq);
+ } else {
+ debugs(49, DBG_IMPORTANT, "WARNING: SNMP agent query DENIED from : " << rq->from);
++ snmp_free_pdu(PDU);
+ }
+ xfree(Community);
+
diff -Nru squid3-3.4.8/debian/patches/series squid3-3.4.8/debian/patches/series
--- squid3-3.4.8/debian/patches/series 2018-02-18 17:20:03.000000000 +0100
+++ squid3-3.4.8/debian/patches/series 2018-11-14 18:04:01.000000000 +0100
@@ -21,3 +21,5 @@
44-SQUID-2016_11-CVE-2016-10002.patch
45-SQUID-2018_1.patch
46-SQUID-2018_2.patch
+CVE-2018-19132.patch
+
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment