Your message dated Sun, 04 Sep 2011 09:34:52 +0000
with message-id <[email protected]>
and subject line Bug#639755: fixed in squid3 3.1.15-1
has caused the Debian Bug report #639755,
regarding squid3: Buffer overflow in Gopher reply parser
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
639755: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639755
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: squid3
Severity: important
Tags: security
Hi,
Recently upstream released a security advisory for squid 3.*:
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
IMHO, the severity of the issue fixed doesn't worth a DSA and can be updated in
a point update. Can you confirm that?
Cheers, luciano
--- End Message ---
--- Begin Message ---
Source: squid3
Source-Version: 3.1.15-1
We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive:
squid-cgi_3.1.15-1_i386.deb
to main/s/squid3/squid-cgi_3.1.15-1_i386.deb
squid3-common_3.1.15-1_all.deb
to main/s/squid3/squid3-common_3.1.15-1_all.deb
squid3-dbg_3.1.15-1_i386.deb
to main/s/squid3/squid3-dbg_3.1.15-1_i386.deb
squid3_3.1.15-1.diff.gz
to main/s/squid3/squid3_3.1.15-1.diff.gz
squid3_3.1.15-1.dsc
to main/s/squid3/squid3_3.1.15-1.dsc
squid3_3.1.15-1_i386.deb
to main/s/squid3/squid3_3.1.15-1_i386.deb
squid3_3.1.15.orig.tar.gz
to main/s/squid3/squid3_3.1.15.orig.tar.gz
squidclient_3.1.15-1_i386.deb
to main/s/squid3/squidclient_3.1.15-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luigi Gangitano <[email protected]> (supplier of updated squid3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 02 Sep 2011 13:33:41 +0200
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all i386
Version: 3.1.15-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <[email protected]>
Changed-By: Luigi Gangitano <[email protected]>
Description:
squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI
squid3 - Full featured Web Proxy cache (HTTP proxy)
squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files
squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 634765 639755
Changes:
squid3 (3.1.15-1) unstable; urgency=high
.
* Urgency high due to security fixes
.
* New upstream release
- Fixes DoS issue in Gopher client (Closes: #639755)
(Ref: CVE-2011-3205, SQUID-2011:3)
.
* debian/control
- Removed hardcoded list of non-Linux architectures (Closes: #634765)
Checksums-Sha1:
0d5e574a2adfff6ecabab443d8def0f8a4e8c010 1233 squid3_3.1.15-1.dsc
8b073ea86fb51bc9efe87903be4f69a135f78996 3398311 squid3_3.1.15.orig.tar.gz
1bd26fbd83dfaf31cdc5414ac707306baf1a4d40 18680 squid3_3.1.15-1.diff.gz
2608a3d72c908f8620bf09c09e6e64ce5781d182 199740 squid3-common_3.1.15-1_all.deb
65ad292cb25ef6c660cca2916b600e4caf1ece67 1529854 squid3_3.1.15-1_i386.deb
8bfae7925004c3acf62261eca62a7a26be9b2e09 5390398 squid3-dbg_3.1.15-1_i386.deb
d648384582ac6f1eb2d4047f8653a37c1f29d612 118082 squidclient_3.1.15-1_i386.deb
676e108cfb4a643d2f7964056dd91a9590fa697c 120006 squid-cgi_3.1.15-1_i386.deb
Checksums-Sha256:
a7ca88863c287561ea1bc8e272f67533efbeb9d0291514959fa1a7b6460f6b3a 1233
squid3_3.1.15-1.dsc
dc79b99e682f4e934c29df747e8ddf85f89d6c8a2b8462f4dd5abc9ab403f3d9 3398311
squid3_3.1.15.orig.tar.gz
7a09571309b200159454e329047952546661cad8ad65e33aece74346aa9c866b 18680
squid3_3.1.15-1.diff.gz
84dc2568fa0394703cb8192f868e315be47763cc259d5cb70819274fe9c90abf 199740
squid3-common_3.1.15-1_all.deb
15b43455d6372c48bdd84b9cdcad7bc604b0cf8ab131a9fcb375b0457d72615f 1529854
squid3_3.1.15-1_i386.deb
4238a91951784e6c36f7d689914ba9d48e6aaa55e6c70ed704aaaa4ffdc56d89 5390398
squid3-dbg_3.1.15-1_i386.deb
0863cd6110a776bfae62da427b8017af9e29ff04a7b21b6e260088b58e59a30f 118082
squidclient_3.1.15-1_i386.deb
6d8b51e23236dc9049251903049f41b24310d4124859b2de01e63f52aa43abbb 120006
squid-cgi_3.1.15-1_i386.deb
Files:
fa780219f67c1dc70010ed26f4337b7c 1233 web optional squid3_3.1.15-1.dsc
80e90102de360cbd56b4d98023977d65 3398311 web optional squid3_3.1.15.orig.tar.gz
ba38bb3155c3c84e21e3b0144dd36ad8 18680 web optional squid3_3.1.15-1.diff.gz
5cc2d646d68fc94f39d99e4d1a53ba25 199740 web optional
squid3-common_3.1.15-1_all.deb
db59708eef4b383866c10de0b8c0f051 1529854 web optional squid3_3.1.15-1_i386.deb
df1d31c1f9d2c022a119adbe405cfca0 5390398 debug extra
squid3-dbg_3.1.15-1_i386.deb
6c508cc187a80dd0ea50eff10d8b4fb0 118082 web optional
squidclient_3.1.15-1_i386.deb
40eed9db0c8531472cc90eea96d58bdc 120006 web optional
squid-cgi_3.1.15-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
iEYEARECAAYFAk5jQfEACgkQ8ZumGJJMDCbarQCfXurXBNzP1FTFHnCu/Jwc7N5s
wgEAnjvgCpm8eZYEz2Rj/bcFLRT+RliC
=nmuy
-----END PGP SIGNATURE-----
--- End Message ---
