Your message dated Wed, 27 Jan 2010 16:09:21 +0000
with message-id <[email protected]>
and subject line Bug#560779: fixed in polipo 1.0.4-2
has caused the Debian Bug report #560779,
regarding polipo: DoS via overly large "Content-Length" header
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
560779: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560779
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: polipo
Version: 0.9.12-1
Severity: grave
Tags: security
Hi,
A vulnerability has been found in polipo that allows a remote attacker to
crash the daemon via an overly large "Content-Length" header.
The vulnerability is caused by connection->reqlen (in client.c:
httpClientDiscardBody()) being a signed integer which can be overflowed,
turning it into a negative value that later leads to a segmentation fault in
the call to memmove.
If you fix this vulnerability please include the CVE id in your changelog
entry, when one is assigned. Please work with the security team to fix this
vulnerability in the stable and oldstable releases.
For further information see:
http://www.exploit-db.com/exploits/10338
http://secunia.com/advisories/37607/
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
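A defensive illustration of the failure mode described in the report above, added here as an example; it is not polipo's code and not part of the original message. The Content-Length value is parsed into an unsigned 64-bit integer with an explicit overflow check and a policy cap, and the body-discard step keeps every length in size_t and bounds the memmove by the bytes actually buffered, so an oversized header is rejected instead of wrapping into a negative length. MAX_BODY_LENGTH, parse_content_length and discard_body are constructed names, and the sample header values are constructed.

```c
/* Constructed example: defensive Content-Length parsing and a
 * bounds-checked body-discard step. Not polipo's code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical upper bound a proxy is willing to accept for a body (1 TiB). */
#define MAX_BODY_LENGTH ((uint64_t)1 << 40)

/* Parse a Content-Length value. Returns 0 on success and stores the
 * length in *out; returns -1 for anything that is not a well-formed
 * non-negative decimal, that would overflow uint64_t, or that exceeds
 * MAX_BODY_LENGTH. Digits are accumulated with an explicit overflow
 * check, so the value can never wrap the way a signed int would. */
int parse_content_length(const char *s, uint64_t *out)
{
    if (s == NULL || *s == '\0')
        return -1;
    uint64_t value = 0;
    for (const char *p = s; *p != '\0'; p++) {
        /* Only 1*DIGIT is valid: reject signs, spaces and other characters. */
        if (*p < '0' || *p > '9')
            return -1;
        unsigned digit = (unsigned)(*p - '0');
        /* value * 10 + digit must stay <= UINT64_MAX */
        if (value > (UINT64_MAX - digit) / 10)
            return -1;
        value = value * 10 + digit;
    }
    if (value > MAX_BODY_LENGTH)
        return -1;               /* well-formed but larger than policy allows */
    *out = value;
    return 0;
}

/* Discard up to body_len bytes of body from a buffer holding *buf_len bytes
 * of pending data, shifting whatever follows the body to the front.
 * All lengths are size_t and the memmove is bounded by the data actually
 * present. Returns the number of body bytes still to be discarded from
 * later reads. */
size_t discard_body(char *buf, size_t *buf_len, size_t body_len)
{
    size_t take = body_len < *buf_len ? body_len : *buf_len;
    size_t rest = *buf_len - take;
    if (rest > 0)
        memmove(buf, buf + take, rest);   /* never reads past buf + *buf_len */
    *buf_len = rest;
    return body_len - take;
}

int main(void)
{
    /* Constructed header values: valid, large-but-allowed, overflowing, malformed. */
    const char *samples[] = { "1234", "4294967296",
                              "99999999999999999999999", "-5", "12abc" };
    uint64_t n;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_content_length(samples[i], &n) == 0)
            printf("%-28s accepted: %llu\n", samples[i], (unsigned long long)n);
        else
            printf("%-28s rejected\n", samples[i]);
    }

    /* Constructed buffer: an 8-byte body followed by the start of the next request. */
    char buf[] = "BODYBODYNEXTREQ";
    size_t len = strlen(buf);
    size_t remaining = discard_body(buf, &len, 8);
    printf("remaining=%zu kept=\"%.*s\"\n", remaining, (int)len, buf);
    return 0;
}
```

The two checks are independent: the parser refuses any value that cannot be represented or that exceeds the configured cap, and the discard step would remain memory-safe even if a large value got through, because it only ever moves the bytes it has.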
--- Begin Message ---
Source: polipo
Source-Version: 1.0.4-2
We believe that the bug you reported is fixed in the latest version of
polipo, which is due to be installed in the Debian FTP archive:
polipo_1.0.4-2.diff.gz
to main/p/polipo/polipo_1.0.4-2.diff.gz
polipo_1.0.4-2.dsc
to main/p/polipo/polipo_1.0.4-2.dsc
polipo_1.0.4-2_i386.deb
to main/p/polipo/polipo_1.0.4-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Cristau <[email protected]> (supplier of updated polipo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 27 Jan 2010 15:01:52 +0100
Source: polipo
Binary: polipo
Architecture: source i386
Version: 1.0.4-2
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <[email protected]>
Changed-By: Julien Cristau <[email protected]>
Description:
polipo - a small, caching web proxy
Closes: 560779
Changes:
polipo (1.0.4-2) unstable; urgency=high
.
[ Andreas Kirschbaum ]
* Apply upstream commit to fix DoS via overly large "Content-Length"
header; fixes CVE-2009-3305 (closes: #560779)
.
[ Julien Cristau ]
* QA upload.
* Set Maintainer to Debian QA Group (see #566150).
* High urgency for RC bugfix.
Checksums-Sha1:
8aa9d232a4228ccb34d82a5352ed29b426793c45 1665 polipo_1.0.4-2.dsc
20d96b11c32f6cdc7703b52d99b733bf0cc77e3a 11235 polipo_1.0.4-2.diff.gz
2a77dbaae3a0c3a42d5c7436b7fdbc061176a4f9 190834 polipo_1.0.4-2_i386.deb
Checksums-Sha256:
6a2b6f817fd95456b7816745e0d4bc9845b0b2ce79081232800a067ef0bd427c 1665 polipo_1.0.4-2.dsc
ced798555a15a31f8930cea4f4431f7928e5ab5904354278a1439de3c6b121d3 11235 polipo_1.0.4-2.diff.gz
0a69d41929aa3b14681070d441075ad92d7eb011a42e1710a3328ff20a851737 190834 polipo_1.0.4-2_i386.deb
Files:
7e9a3475a5e49a1e5061898fa8ac99ba 1665 web optional polipo_1.0.4-2.dsc
0f3e70bee762b43716161553e1ca9f8b 11235 web optional polipo_1.0.4-2.diff.gz
bef6b3786ff0e6105dd3ef0047ccbf60 190834 web optional polipo_1.0.4-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJLYElvAAoJEDEBgAUJBeQMiBoQAKVYopiC8WQD1SQsmrm6IQMn
zeqDJ6uQDQ/5XsH6LUB9/8TW3nEuRJr+AeYbi+VXtdwCeN6I7Hf3voGm+hWfMKte
V+bAEkyJWnlgEcW8zJeUctekcJlG/9OQyk67q660eZJ1MRv2RToRxYCz9wUs77Le
cIoGhKCxsPknBMwmiv001o9gfnhGpU88KOkDrVwAW1h8XeSnDtEzcOSVWHhtxSLc
ZwijAut2z2raANxUaV+Q71NNjqF4H0rAfjgr4iL7Fppe1idDYozVNyNlZ1lVyxFx
X5So+DDaNl1CmCgJZeEhUNi7UMhAyfjldaskf6hfGCpbDZRomnxlM36mdVdDy1sG
JsI0+fbIoqygPTXaT++apFvIaX4BcT0FhmRbw9SnYrmoXjW6Tj+S46b3uOkv8myX
Z98rXHf+RLePjoOzAm93sLqF0fFzYEfYnJrGB6J69qHpk7NZ0qQxcoUorfo6fJy0
UtaCxEqeEAcWMVjfa5Kyuaa/BjZAoTFe65L7uUGKiJqG1mqzw7TCNRLspr8JF/yU
NCriOPJ58sNC0Q2c/RZVMxqvjDUxSopDJhzEUZDU/0CGNS8f56v+l2hWbCmALdh+
FUJFMC7aaujLVPxZuuTLzQeoX0WiUnDW1lFCiKRpbplsntkwgBROMLiz4SA5Jqjf
gELtCdbJTPdi4Qj22hl2
=SR5u
-----END PGP SIGNATURE-----
--- End Message ---