Your message dated Wed, 17 Jan 2007 01:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#407202: fixed in squid 2.6.5-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: squid
Version: 2.6.5-3
Severity: important
Tags: security
Two vulnerabilities have been reported in Squid, which can be exploited
by malicious people to cause a DoS (Denial of Service).
1) An error in the handling of certain FTP URL requests can be exploited
to crash Squid by visiting a specially crafted FTP URL via the proxy.
2) An error in the external_acl queue can cause Squid to crash when it
is under high load conditions.
The vulnerabilities are reported in version 2.6. Other versions may also
be affected.
Solution:
Update to version 2.6.STABLE7.
Reference:
http://secunia.com/advisories/23767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0248
Note:
Please mention the CVE id in the changelog.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
regards,
--
.''`.
: :' : Alex de Oliveira Silva | enerv
`. `' www.enerv.net
`-
--- End Message ---
--- Begin Message ---
Source: squid
Source-Version: 2.6.5-4
We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive:
squid-cgi_2.6.5-4_sparc.deb
to pool/main/s/squid/squid-cgi_2.6.5-4_sparc.deb
squid-common_2.6.5-4_all.deb
to pool/main/s/squid/squid-common_2.6.5-4_all.deb
squid_2.6.5-4.diff.gz
to pool/main/s/squid/squid_2.6.5-4.diff.gz
squid_2.6.5-4.dsc
to pool/main/s/squid/squid_2.6.5-4.dsc
squid_2.6.5-4_sparc.deb
to pool/main/s/squid/squid_2.6.5-4_sparc.deb
squidclient_2.6.5-4_sparc.deb
to pool/main/s/squid/squidclient_2.6.5-4_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luigi Gangitano <[EMAIL PROTECTED]> (supplier of updated squid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 17 Jan 2007 00:12:42 +0100
Source: squid
Binary: squid squid-cgi squidclient squid-common
Architecture: source sparc all
Version: 2.6.5-4
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <[EMAIL PROTECTED]>
Changed-By: Luigi Gangitano <[EMAIL PROTECTED]>
Description:
squid - Internet Object Cache (WWW proxy cache)
squid-cgi - Squid cache manager CGI program
squid-common - Internet Object Cache (WWW proxy cache) - common file
squidclient - Command line URL extractor that talks to (a) squid
Closes: 407202
Changes:
squid (2.6.5-4) unstable; urgency=high
.
* Urgency high due to security issues
.
* debian/patches/55-ftp-segfault.dpatch
- Added upstream patch fixing DoS on specially crafted ftp urls
(Closes: #407202) (Ref: SA23767)
.
* debian/patches/56-external-acl-crash
- Added upstream patch fixing external-acl crashing on high load
conditions (Ref: CVE-2007-0248)
Files:
de634083e26b119834648d9c5f2de45a 659 web optional squid_2.6.5-4.dsc
81edf2c818341ae20da8aed29965dce6 269681 web optional squid_2.6.5-4.diff.gz
74afcbf1c5f65cda62b697616d57aeb7 438364 web optional squid-common_2.6.5-4_all.deb
4fe744b7202ed02d7b1f80579e87424e 666040 web optional squid_2.6.5-4_sparc.deb
a909152685cd45dfe4ccff4f55f480eb 86006 web optional squidclient_2.6.5-4_sparc.deb
6932d9201b4661b3eb6e1e9e923060b6 115156 web optional squid-cgi_2.6.5-4_sparc.deb
--- End Message ---