Your message dated Wed, 14 Sep 2011 19:57:05 +0000
with message-id <[email protected]>
and subject line Bug#639755: fixed in squid3 3.1.6-1.2+squeeze1
has caused the Debian Bug report #639755,
regarding squid3: Buffer overflow in Gopher reply parser
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
639755: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639755
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: squid3
Severity: important
Tags: security
Hi,
Recently upstream released a security advisory for squid 3.*:
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
IMHO, the severity of the issue fixed doesn't worth a DSA and can be updated in
a point update. Can you confirm that?
Cheers, luciano
--- End Message ---
--- Begin Message ---
Source: squid3
Source-Version: 3.1.6-1.2+squeeze1
We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive:
squid-cgi_3.1.6-1.2+squeeze1_amd64.deb
to main/s/squid3/squid-cgi_3.1.6-1.2+squeeze1_amd64.deb
squid3-common_3.1.6-1.2+squeeze1_all.deb
to main/s/squid3/squid3-common_3.1.6-1.2+squeeze1_all.deb
squid3-dbg_3.1.6-1.2+squeeze1_amd64.deb
to main/s/squid3/squid3-dbg_3.1.6-1.2+squeeze1_amd64.deb
squid3_3.1.6-1.2+squeeze1.diff.gz
to main/s/squid3/squid3_3.1.6-1.2+squeeze1.diff.gz
squid3_3.1.6-1.2+squeeze1.dsc
to main/s/squid3/squid3_3.1.6-1.2+squeeze1.dsc
squid3_3.1.6-1.2+squeeze1_amd64.deb
to main/s/squid3/squid3_3.1.6-1.2+squeeze1_amd64.deb
squidclient_3.1.6-1.2+squeeze1_amd64.deb
to main/s/squid3/squidclient_3.1.6-1.2+squeeze1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated squid3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 10 Sep 2011 13:09:24 +0000
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all amd64
Version: 3.1.6-1.2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Luigi Gangitano <[email protected]>
Changed-By: Nico Golde <[email protected]>
Description:
squid-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI
squid3 - A full featured Web Proxy cache (HTTP proxy)
squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files
squid3-dbg - A full featured Web Proxy cache (HTTP proxy) - Debug symbols
squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 639755
Changes:
squid3 (3.1.6-1.2+squeeze1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix buffer overflow on long gopher server replies
(CVE-2011-3205; Closes: #639755).
Checksums-Sha1:
719e5b11789d3802f1f68ea8153323291de226a6 1305 squid3_3.1.6-1.2+squeeze1.dsc
b2bc188ec7ac99f830f8d88b45d3a41d3b9a74e8 3245533 squid3_3.1.6.orig.tar.gz
cd12f2dbe3d3815fecc9f10a3774992f8e774caf 20478
squid3_3.1.6-1.2+squeeze1.diff.gz
59d4184c91cb0a083b881a02ed1e8b11d54b50ae 193668
squid3-common_3.1.6-1.2+squeeze1_all.deb
e8058222e16c13dc8bd236b3443e5df15286246e 1499800
squid3_3.1.6-1.2+squeeze1_amd64.deb
0b1ce6094345e840565f541c12099b55ad728cca 5618232
squid3-dbg_3.1.6-1.2+squeeze1_amd64.deb
14ccef3b069d846621354be95495dfd91de6a676 106216
squidclient_3.1.6-1.2+squeeze1_amd64.deb
45bd268c9a52f3d302dff1a31b305b0eea39c5c8 108632
squid-cgi_3.1.6-1.2+squeeze1_amd64.deb
Checksums-Sha256:
04e0cec15bb0fae47f26d3a622fab65c5a818347f2f457adb4aa21f2d5313d08 1305
squid3_3.1.6-1.2+squeeze1.dsc
22bbbd39dc52374bd42d01bf936ccf4d672545c3b84571d03bb44d399fc7db24 3245533
squid3_3.1.6.orig.tar.gz
c60bba95b8d446c7474ecfecb6e3dd5339b02b42c3b8dbefe0386b3e6dffeb1d 20478
squid3_3.1.6-1.2+squeeze1.diff.gz
ca617f0d8f0a2bbd2cf31679fd5eb8190e91e1724fae902053342727d9961020 193668
squid3-common_3.1.6-1.2+squeeze1_all.deb
1deba3e37d2e1e628f30d0816e441b388412064f0aba99ac881bcbccb063b12d 1499800
squid3_3.1.6-1.2+squeeze1_amd64.deb
482fbc373ea6b6b9049dfcf1061ca2489fbade8126e63e03c711bd7ec06c7852 5618232
squid3-dbg_3.1.6-1.2+squeeze1_amd64.deb
7e1ae835036a313fddfafd450bd3f7bd584179939099c289edd3b288540b14fb 106216
squidclient_3.1.6-1.2+squeeze1_amd64.deb
96c7905b8790232879ba99c8a4846d343f4e01e42d1644a583290316df5a5dd1 108632
squid-cgi_3.1.6-1.2+squeeze1_amd64.deb
Files:
445f4f3223ede2111e014f49225a819c 1305 web optional
squid3_3.1.6-1.2+squeeze1.dsc
93827099aaa04b6801df9f0fe16d262c 3245533 web optional squid3_3.1.6.orig.tar.gz
cb464c62438c8a05190a2d3d7b5be928 20478 web optional
squid3_3.1.6-1.2+squeeze1.diff.gz
ac55fd4a812d34fe8632f7bca99b5bca 193668 web optional
squid3-common_3.1.6-1.2+squeeze1_all.deb
d832711918766d53e5fae59df4b7b83b 1499800 web optional
squid3_3.1.6-1.2+squeeze1_amd64.deb
78709fab8c629de0bc682bc605d407b5 5618232 debug extra
squid3-dbg_3.1.6-1.2+squeeze1_amd64.deb
f59c2f238bd6656db5738a8508dc57ee 106216 web optional
squidclient_3.1.6-1.2+squeeze1_amd64.deb
5c852ddd7f226b5bec186173ba177b61 108632 web optional
squid-cgi_3.1.6-1.2+squeeze1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk5rZM0ACgkQHYflSXNkfP8xnACghHCxiLKgF1ARCFyogA1YrMo8
n64AniBu/ZMUUziBtFUcFhQnKFS4L9P2
=II4O
-----END PGP SIGNATURE-----
--- End Message ---
