Your message dated Sun, 25 Aug 2019 14:27:37 +0000
with message-id <[email protected]>
and subject line Bug#931478: fixed in squid 4.6-1+deb10u1
has caused the Debian Bug report #931478,
regarding squid: CVE-2019-13345
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
931478: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931478
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: squid
Version: 4.6-2
Severity: important
Tags: security upstream
Forwarded: https://bugs.squid-cache.org/show_bug.cgi?id=4957
Control: found -1 4.6-1

Hi,

The following vulnerability was published for squid.

CVE-2019-13345[0]:
| The cachemgr.cgi web module of Squid through 4.7 has XSS via the
| user_name or auth parameter.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13345
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13345
[1] https://bugs.squid-cache.org/show_bug.cgi?id=4957
[2] https://github.com/squid-cache/squid/pull/429

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: squid
Source-Version: 4.6-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated squid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 Jul 2019 19:33:25 +0200
Source: squid
Architecture: source
Version: 4.6-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Luigi Gangitano <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 931478
Changes:
 squid (4.6-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Denial of Service issue in cachemgr.cgi (CVE-2019-12854)
   * Denial of Service issue in HTTP Basic Authentication processing
     (CVE-2019-12529)
   * Denial of Service issue in HTTP Digest Authentication processing
     (CVE-2019-12525)
   * Heap Overflow issue in HTTP Basic Authentication processing
     (CVE-2019-12527)
   * Multiple Cross-Site Scripting issues in cachemgr.cgi (CVE-2019-13345)
     (Closes: #931478)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
