1
PublicDateAtUSN: 2010-02-15
2
Candidate: CVE-2010-0639
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639
6
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
7
https://usn.ubuntu.com/usn/usn-904-1
9
The htcpHandleTstRequest function in htcp.c in Squid 2.x before
10
2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before
11
3.0.STABLE24, allows remote attackers to cause a denial of service (NULL
12
pointer dereference and daemon crash) via crafted packets to the HTCP port.
15
mdeslaur> code not present in dapper (It's actually the htcpHandleClr
16
mdeslaur> function that is being patched here)
18
http://bugs.squid-cache.org/show_bug.cgi?id=2858
19
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907687
25
upstream: http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch
26
upstream_squid: needs-triage
27
dapper_squid: not-affected (2.5.12-4ubuntu2.5)
28
hardy_squid: released (2.6.18-1ubuntu3.2)
29
intrepid_squid: released (2.7.STABLE3-1ubuntu2.3)
30
jaunty_squid: released (2.7.STABLE3-4.1ubuntu1.2)
31
karmic_squid: released (2.7.STABLE6-2ubuntu2.2)
32
lucid_squid: released (2.7.STABLE7-1ubuntu6)
33
maverick_squid: released (2.7.STABLE7-1ubuntu6)
34
natty_squid: released (2.7.STABLE7-1ubuntu6)
35
oneiric_squid: released (2.7.STABLE7-1ubuntu6)
39
upstream: http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch
40
upstream_squid3: released (3.0.STABLE24)
42
hardy_squid3: ignored (reached end-of-life)
43
intrepid_squid3: needed (reached end-of-life)
44
jaunty_squid3: ignored (reached end-of-life)
45
karmic_squid3: ignored (reached end-of-life)
46
lucid_squid3: released (3.0.STABLE19-1ubuntu0.2)
47
maverick_squid3: not-affected (3.1.5-2)
48
natty_squid3: not-affected (3.1.5-2)
49
oneiric_squid3: not-affected (3.1.5-2)
50
devel_squid3: not-affected (3.1.5-2)