Your message dated Wed, 14 Sep 2011 19:56:52 +0000
with message-id <[email protected]>
and subject line Bug#639755: fixed in squid3 3.0.STABLE8-3+lenny5
has caused the Debian Bug report #639755,
regarding squid3: Buffer overflow in Gopher reply parser
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
639755: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639755
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: squid3
Severity: important
Tags: security
Hi,
Recently upstream released a security advisory for squid 3.*:
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
IMHO, the severity of the issue fixed doesn't worth a DSA and can be updated in
a point update. Can you confirm that?
Cheers, luciano
--- End Message ---
--- Begin Message ---
Source: squid3
Source-Version: 3.0.STABLE8-3+lenny5
We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive:
squid3-cgi_3.0.STABLE8-3+lenny5_amd64.deb
to main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny5_amd64.deb
squid3-common_3.0.STABLE8-3+lenny5_all.deb
to main/s/squid3/squid3-common_3.0.STABLE8-3+lenny5_all.deb
squid3_3.0.STABLE8-3+lenny5.diff.gz
to main/s/squid3/squid3_3.0.STABLE8-3+lenny5.diff.gz
squid3_3.0.STABLE8-3+lenny5.dsc
to main/s/squid3/squid3_3.0.STABLE8-3+lenny5.dsc
squid3_3.0.STABLE8-3+lenny5_amd64.deb
to main/s/squid3/squid3_3.0.STABLE8-3+lenny5_amd64.deb
squidclient_3.0.STABLE8-3+lenny5_amd64.deb
to main/s/squid3/squidclient_3.0.STABLE8-3+lenny5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated squid3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 10 Sep 2011 13:24:31 +0000
Source: squid3
Binary: squid3 squid3-common squidclient squid3-cgi
Architecture: source all amd64
Version: 3.0.STABLE8-3+lenny5
Distribution: oldstable-security
Urgency: high
Maintainer: Luigi Gangitano <[email protected]>
Changed-By: Nico Golde <[email protected]>
Description:
squid3 - A full featured Web Proxy cache (HTTP proxy)
squid3-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI
squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files
squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 639755
Changes:
squid3 (3.0.STABLE8-3+lenny5) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix buffer overflow on long gopher server replies
(CVE-2011-3205; Closes: #639755).
Checksums-Sha1:
0a2e2eda26059f0f4e6353e5c207d2642b4a8408 1193 squid3_3.0.STABLE8-3+lenny5.dsc
1dd9f6a90e942f8cb77a2a2337de668084613684 21664
squid3_3.0.STABLE8-3+lenny5.diff.gz
3d1fac5272fe7aad2e8ccbdd71241da521202974 289200
squid3-common_3.0.STABLE8-3+lenny5_all.deb
453a8cb7c912acc105e202acbbc050790fbfae02 1012996
squid3_3.0.STABLE8-3+lenny5_amd64.deb
c8000480d012cda1a97c4145b29c9fc67f5b64f4 89078
squidclient_3.0.STABLE8-3+lenny5_amd64.deb
66eb7ada9a638bfb3f80d60720b8938172f22aef 93614
squid3-cgi_3.0.STABLE8-3+lenny5_amd64.deb
Checksums-Sha256:
5e496a908d6ade9d9646de62dc5d2b76aa3782b48c7fe4c68eeb9ddeb441ed21 1193
squid3_3.0.STABLE8-3+lenny5.dsc
8656c8c90ca68c23386d0d27bd781831d4bd9fff8c9856bf73e435e40b1dafc4 21664
squid3_3.0.STABLE8-3+lenny5.diff.gz
d22f6db67acd7df15e6ff1c103db0c7ce9a595f623ff8b80b8249fefd4298e0a 289200
squid3-common_3.0.STABLE8-3+lenny5_all.deb
20939a9f65f11338b8d10c968e80ed618ab750e6729ce93b8f029bc191a6c4c0 1012996
squid3_3.0.STABLE8-3+lenny5_amd64.deb
c432ced28e75976bcfde55b93a1073aa89862c30967dd7b9a799c8fd1f5eb324 89078
squidclient_3.0.STABLE8-3+lenny5_amd64.deb
315bc2fdc8fb4d51f5bdb8ea2b78e7c8f5ab19431a49c86b4cea7c73f6102593 93614
squid3-cgi_3.0.STABLE8-3+lenny5_amd64.deb
Files:
01ed8f2aac73baf1f536bf8629cf169d 1193 web optional
squid3_3.0.STABLE8-3+lenny5.dsc
8dd347583b30b062965c372bdec40af1 21664 web optional
squid3_3.0.STABLE8-3+lenny5.diff.gz
eec9ee7142ba92f7a5d6a39a661386c4 289200 web optional
squid3-common_3.0.STABLE8-3+lenny5_all.deb
c88824a596f94affdd0de8e1c41ba223 1012996 web optional
squid3_3.0.STABLE8-3+lenny5_amd64.deb
a44953442e7c04959d5d27d919a133dd 89078 web optional
squidclient_3.0.STABLE8-3+lenny5_amd64.deb
20aff625b3e01a5e7fe67ad2cfab2b75 93614 web optional
squid3-cgi_3.0.STABLE8-3+lenny5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk5rbbwACgkQHYflSXNkfP9mpQCggyfUirGsQbZv+1nKGBA0i//z
WCMAn2j/X75COKoFK2cF8GEY0O/uqefE
=byQB
-----END PGP SIGNATURE-----
--- End Message ---
