Your message dated Sat, 24 Dec 2016 21:02:20 +0000 with message-id <e1cktso-000fac...@fasolo.debian.org> and subject line Bug#848493: fixed in squid3 3.4.8-6+deb8u4 has caused the Debian Bug report #848493, regarding squid3: CVE-2016-10002: SQUID-2016:11: Information disclosure in HTTP Request processing to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 848493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: squid3 Version: 3.4.8-6 Severity: important Tags: security upstream patch fixed-upstream Hi >From http://www.squid-cache.org/Advisories/SQUID-2016_11.txt > Problem Description: > > Due to incorrect HTTP conditional request handling Squid can > deliver responses containing private data to clients it should > not have reached. A CVE has been requested in http://www.openwall.com/lists/oss-security/2016/12/17/1 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: squid3 Source-Version: 3.4.8-6+deb8u4 We believe that the bug you reported is fixed in the latest version of squid3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 848...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated squid3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 18 Dec 2016 11:47:19 +0100 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge Architecture: all source Version: 3.4.8-6+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 819563 848493 Description: squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Changes: squid3 (3.4.8-6+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix cache_peer login=PASS(THRU) after CVE-2015-5400. Thanks to Amos Jeffries <squ...@treenet.co.nz> (Closes: #819563) * CVE-2016-10002: Information disclosure in HTTP Request processing (Closes: #848493) Checksums-Sha1: aea9d693617d9060f03d73e9ac97ce742459b4de 2501 squid3_3.4.8-6+deb8u4.dsc f69b769ed103871e6ab767328713e8cb2585405a 41124 squid3_3.4.8-6+deb8u4.debian.tar.xz fc9aa7470097df32de7aaf487ea9dc3b2179cb20 258548 squid3-common_3.4.8-6+deb8u4_all.deb Checksums-Sha256: 3c19984d630de12dc191189c59255a15c70f86df5874fb56e812bb483d3648ae 2501 squid3_3.4.8-6+deb8u4.dsc cd12f31bfd2d4ef5519cafb683713f5c63f25331bd64be6ce930fdd64b5d7a46 41124 squid3_3.4.8-6+deb8u4.debian.tar.xz 202e3452e24b057512b061001ba2970398540ce56fc56db978b5860343d00561 258548 squid3-common_3.4.8-6+deb8u4_all.deb Files: d8881b2709492ca294568e41a89dffab 2501 web optional squid3_3.4.8-6+deb8u4.dsc 1e8f56bc5c08232a0ba63d69f8ff262e 41124 web optional squid3_3.4.8-6+deb8u4.debian.tar.xz f75d5c6ec82390569e0e98f7534971af 258548 web optional squid3-common_3.4.8-6+deb8u4_all.deb -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlhWa/1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EiNwP/069vEzhVduLvDjmTf8my5DqJa+YH1oz Dwu33jWhhwiEhgo6MD3/f9miItj0yE2NfvhEyc2xF0OwA30gw0ZjyUqdSSiR7uD4 ZB3WPdg0iRZ9Yt7bEDjjB//U7P3GfnIsrRPvn5G2qhIAq3kTSWEjvwOC6FXCCPKq tejwDcFwmShJrNd5Ra2XB5lpUYnfp7xjp1caQnDOPLla1ACxrLFAKKW3m1MrDF2N c8kzYvNVBo2JR6G5UTq4Ik/JZxAfN/uha+KTPLSQiRkeMmExjHxM21lVnJmKRHFa K+41LcJHPwMj322J9SK+4snjvjkQ+RdDWO67sliGIfye4t/aOpCqTAyAkGRFY8aM EJI/mhfXvtfSEAzWB+eVwZXYLdCO81Lcq41o07bwthN8YbCueAevHARtzupF+jO8 SjSQYrB82LGH0WKAqhDZIpXQijJtqzyMOMOsGoqiCwvJKSUNv/Sx9bC3RjKuJWrG CfL053UQ/sDGMIbTUa8jx4RIioYwVRf9IVWqiq1gKAL5zt5W1FbR9ZYNbVyjbXMw 33ypLebpZEDb9K/ZRDwtwiuBA703FaYrQvkJOdlS5kFLfNbAVH6jyWoJF1cp8WVX UIMnybIy+jLqMc12bOsaljYbGbJO8BwtSNULAR1ryt3KnO9Ywv69V3AHYKy1QrB9 Fl7VXlPAQUEn =v3Mk -----END PGP SIGNATURE-----
--- End Message ---
