diff -u squid3-3.1.6/debian/changelog squid3-3.1.6/debian/changelog
--- squid3-3.1.6/debian/changelog
+++ squid3-3.1.6/debian/changelog
@@ -1,3 +1,11 @@
+squid3 (3.1.6-1.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix DoS while processing large DNS replies with no IPv6 resolver present
+ (CVE-2010-2951) (Closes: #599709)
+
+ -- Ben Hutchings <[email protected]> Sat, 30 Oct 2010 17:00:55 +0200
+
squid3 (3.1.6-1.1) unstable; urgency=high * Non-maintainer upload by the security team
diff -u squid3-3.1.6/debian/patches/00list squid3-3.1.6/debian/patches/00list
--- squid3-3.1.6/debian/patches/00list
+++ squid3-3.1.6/debian/patches/00list
@@ -4,0 +5 @@
+17-CVE-2010-2951
only in patch2:
unchanged:
--- squid3-3.1.6.orig/debian/patches/17-CVE-2010-2951.dpatch
+++ squid3-3.1.6/debian/patches/17-CVE-2010-2951.dpatch
@@ -0,0 +1,34 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 17-CVE-2010-2951.dpatch by Stephen Thorne <[email protected]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Bug 3021: Large DNS reply causes crash when no ipv6 resolver present
+
+...@dpatch@
+
+--- a/src/dns_internal.cc
++++ b/src/dns_internal.cc
+@@ -843,14 +843,16 @@
+
+ } while ( (x<0 && y<0) && q->nsends % nns != 0);
+
+- if (y >= 0) {
+- fd_bytes(DnsSocketB, y, FD_WRITE);
+- commSetSelect(DnsSocketB, COMM_SELECT_READ, idnsRead, NULL, 0);
+- }
++ if (!q->need_vc) {
++ if (y >= 0) {
++ fd_bytes(DnsSocketB, y, FD_WRITE);
++ commSetSelect(DnsSocketB, COMM_SELECT_READ, idnsRead, NULL, 0);
++ }
+
+- if (x >= 0) {
+- fd_bytes(DnsSocketA, x, FD_WRITE);
+- commSetSelect(DnsSocketA, COMM_SELECT_READ, idnsRead, NULL, 0);
++ if (x >= 0) {
++ fd_bytes(DnsSocketA, x, FD_WRITE);
++ commSetSelect(DnsSocketA, COMM_SELECT_READ, idnsRead, NULL, 0);
++ }
+ }
+
+ nameservers[ns].nqueries++;
--- END ---
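Review bot: The new `if (!q->need_vc)` guard in the embedded `src/dns_internal.cc` hunk carries no comment explaining why the UDP socket accounting is skipped, and the inner checks still infer socket validity from `x`/`y` rather than from the descriptors themselves. Going by the patch description (Bug 3021, crash when no IPv6 resolver is present), the hazard is presumably `fd_bytes()`/`commSetSelect()` being called on a `DnsSocketB` that was never opened; the code that sets `x` and `y` sits above the hunk, so that is inferred rather than visible. I would add `// TCP (need_vc) queries bypass the UDP sockets; DnsSocketA/DnsSocketB may be unopened here` above the guard, and consider tightening the inner tests to `if (y >= 0 && DnsSocketB >= 0)` and `if (x >= 0 && DnsSocketA >= 0)` so a later code path that sets `x`/`y` without a UDP send cannot reintroduce the crash. The enclosing function starts and ends outside the hunk.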
-- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse.

