Public bug reported: Description Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205 https://bugzilla.redhat.com/show_bug.cgi?id=734583 Patch: http://www.squid- cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch ** Affects: squid3 (Ubuntu) Importance: Undecided Assignee: Mahyuddin Susanto (udienz) Status: In Progress ** Changed in: squid3 (Ubuntu) Status: New => In Progress ** Changed in: squid3 (Ubuntu) Assignee: (unassigned) => Mahyuddin Susanto (udienz) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/907690 Title: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907690/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
