Bug#307132: marked as done (CAN-2005-1345 (Unexpected access control results on configuration errors))

Debian Bug Tracking System Fri, 06 May 2005 12:55:53 -0700

Your message dated Fri, 06 May 2005 21:35:24 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#307132: CAN-2005-1345 (Unexpected access control results 
on configuration errors)
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 1 May 2005 03:40:52 +0000
>From [EMAIL PROTECTED] Sat Apr 30 20:40:52 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DS5K8-0002y0-00; Sat, 30 Apr 2005 20:40:52 -0700
Received: from dragon.kitenet.net (dpc6682244174.direcpc.com [66.82.244.174])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
        by kitenet.net (Postfix) with ESMTP id F122617FB5
        for <[EMAIL PROTECTED]>; Sun,  1 May 2005 03:40:44 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
        id 1D9626E4D1; Sat, 30 Apr 2005 23:43:44 -0400 (EDT)
Date: Sat, 30 Apr 2005 23:43:44 -0400
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-1345 (Unexpected access control results on configuration 
errors)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
X-Reportbug-Version: 3.11
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: squid
Version: 2.5.9
Severity: normal
Tags: security

squid 2.5.9 is vulnerable to a minor security hole, as described at
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_erro=
r:

synopsis        On configuration errors involving wrongly defined or missing 
acl=
s the http_access results may be different than expected, possibly allowing=
 more access than intended. This patch makes such configuration errors a fa=
tal error, preventing the service from starting until the access control co=
nfiguration errors have been corrected.
severity        Cosmetic Security
date    2005-03-04 22:48
bugzilla        #1255
versions        Squid-2.5 and earlier
platforms       All
patch   squid-2.5.STABLE9-acl_error.patch
workaround      Verify your configuration with "squid -k parse" and correct any=
 errors reported before starting Squid.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)

Versions of packages squid depends on:
ii  adduser                     3.63         Add and remove users and groups
ii  coreutils                   5.2.1-2      The GNU core utilities
ii  debconf                     1.4.48       Debian configuration managemen=
t sy
ii  libc6                       2.3.2.ds1-21 GNU C Library: Shared librarie=
s an
ii  libldap2                    2.1.30-6     OpenLDAP libraries
ii  libpam0g                    0.76-22      Pluggable Authentication Modul=
es l
ii  logrotate                   3.7-2        Log rotation utility
ii  netbase                     4.21         Basic TCP/IP networking system
pn  squid-common                             Not found.

--=20
see shy jo

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCdFBvd8HHehbQuO8RAm3cAJ9wVvF3Ja49NH6lHsUX/6976RBP3QCfQODH
C5K2Al2MEcxMs8W5noyYzRo=
=2a9n
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--

---------------------------------------
Received: (at 307132-done) by bugs.debian.org; 6 May 2005 19:35:52 +0000
>From [EMAIL PROTECTED] Fri May 06 12:35:52 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ms005msg.fastwebnet.it [213.140.2.50] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DU8c4-0004Vr-00; Fri, 06 May 2005 12:35:52 -0700
Received: from localhost.localdomain (23.21.172.54) by ms005msg.fastwebnet.it 
(7.2.052.3)
        id 425D38BB004DCD17; Fri, 6 May 2005 21:35:21 +0200
Received: by localhost.localdomain (Postfix, from userid 1000)
        id 6F4AB4B91F; Fri,  6 May 2005 21:35:25 +0200 (CEST)
Subject: Re: Bug#307132: CAN-2005-1345 (Unexpected access control results
        on configuration errors)
From: Luigi Gangitano <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], Joey Hess <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Content-Type: multipart/signed; micalg=pgp-sha1; 
protocol="application/pgp-signature"; boundary="=-SJ6ryvSRwQSKBvx5HaMP"
Organization: Debian
Date: Fri, 06 May 2005 21:35:24 +0200
Message-Id: <[EMAIL PROTECTED]>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.2 
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--=-SJ6ryvSRwQSKBvx5HaMP
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Bug fixed in squid version 2.4.6-2woody8, just uploaded (DSA-721-1).

Regards,

--=20
 Luigi Gangitano -- <[EMAIL PROTECTED]> -- <[EMAIL PROTECTED]>
 GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972  C24A F19B A618 924C 0C26

--=-SJ6ryvSRwQSKBvx5HaMP
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQBCe8b88ZumGJJMDCYRAh/RAJ93ju6KFgympQdFcs1TBviZ+T+mcgCeMiaQ
qGrWPy2jLaehkTMcpXcEa/M=
=bY0v
-----END PGP SIGNATURE-----

--=-SJ6ryvSRwQSKBvx5HaMP--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#307132: marked as done (CAN-2005-1345 (Unexpected access control results on configuration errors))

Reply via email to