Ubuntu
squid package

squid affected by CVE-2009-0478

  1. Gutsy (7.10)
  2. Bug #330192
Bug #330192 reported by geeknik
6
Affects Status Importance Assigned to Milestone
squid (Ubuntu)
Fix Released
Undecided
Jamie Strandboge
Dapper
Invalid
Undecided
Jamie Strandboge
Gutsy
Invalid
Undecided
Jamie Strandboge
Hardy
Invalid
Undecided
Jamie Strandboge
Intrepid
Fix Released
Undecided
Jamie Strandboge
Jaunty
Fix Released
Undecided
Jamie Strandboge
squid3 (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Invalid
Undecided
Unassigned
Gutsy
Won't Fix
Undecided
Unassigned
Hardy
Won't Fix
Undecided
Unassigned
Intrepid
Invalid
Undecided
Unassigned
Jaunty
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: squid

Squid 3.0 Stable 13 was just released and I'd like to see this added to Ubuntu. Why should we have to install an outdated version via apt-get install? Thanks.

CVE References

Revision history for this message
Pierre Emeriaud (petrus-lt-deactivatedaccount) wrote :

Hi all,

I also agree on the need of a recent version of squid, see CVE entry and :

http://www.squid-cache.org/Advisories/SQUID-2009_1.txt

This vulerability has been fixed in the latest versions of squid 2.7, 3.0 and 3.1.

Thanks

Jamie Strandboge (jdstrand)
Changed in squid:
status: New → Confirmed
assignee: nobody → jdstrand
status: New → Confirmed
assignee: nobody → jdstrand
status: New → Invalid
assignee: nobody → jdstrand
status: New → Invalid
assignee: nobody → jdstrand
status: New → Invalid
assignee: nobody → jdstrand
Changed in squid3:
status: New → Invalid
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

squid3 in Jaunty was fixed in 3.0.STABLE8-3. squid for Dapper- Hardy is not affected. Currently we are past FeatureFreeze, so updating to STABLE13 for Jaunty cannot be done without a FeatureFreezeException. Please see https://wiki.ubuntu.com/FreezeExceptionProcess for details.

Changed in squid3:
status: New → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

squid 2.7.STABLE3-4.1ubuntu1 in Jaunty is not affected by this issue (patched in 2.7.STABLE3-4.1).

Changed in squid:
status: Confirmed → Fix Released
status: Confirmed → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

http://www.ubuntu.com/usn/usn-724-1

Changed in squid:
status: Fix Committed → Fix Released
Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in squid3 (Ubuntu Gutsy):
status: Confirmed → Won't Fix
Revision history for this message
Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.

Changed in squid3 (Ubuntu Intrepid):
status: Confirmed → Invalid
Revision history for this message
Rolf Leggewie (r0lf) wrote :

Hardy has seen the end of its life and is no longer receiving any updates. Marking the Hardy task for this ticket as "Won't Fix".

Changed in squid3 (Ubuntu Hardy):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.