Your message dated Fri, 28 Aug 2020 14:48:38 +0000 with message-id <e1kbfge-0003to...@fasolo.debian.org> and subject line Bug#968934: fixed in squid 4.6-1+deb10u4 has caused the Debian Bug report #968934, regarding squid: CVE-2020-15810: SQUID-2020:10 HTTP(S) Request Smuggling to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 968934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968934 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: squid Version: 4.12-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for squid. CVE-2020-15810[0]: | SQUID-2020:10 HTTP(S) Request Smuggling If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-15810 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15810 [1] https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m [2] http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: squid Source-Version: 4.6-1+deb10u4 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of squid, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 968...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated squid package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Aug 2020 12:35:13 +0200 Source: squid Architecture: source Version: 4.6-1+deb10u4 Distribution: buster-security Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 968932 968933 968934 Changes: squid (4.6-1+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * SQUID-2020:8 HTTP(S) Request Splitting (CVE-2020-15811) (Closes: #968932) * SQUID-2020:9 Denial of Service processing Cache Digest Response (CVE-2020-24606) (Closes: #968933) * SQUID-2020:10 HTTP(S) Request Smuggling (CVE-2020-15810) (Closes: #968934) Checksums-Sha1: dbbbff760b68bc6aa94512181146383fba880e0b 2829 squid_4.6-1+deb10u4.dsc a984cea18f29228e9b8af71ed792d03823552d1d 70164 squid_4.6-1+deb10u4.debian.tar.xz Checksums-Sha256: ea9f20970f921d16d33e6c8d7c75c62283f167ad235b9d29cb4fff0d23f280fc 2829 squid_4.6-1+deb10u4.dsc 09fce3705fcd0a01f6850000fc9263c6115bd84aef4fc1c30a900659a5ed028e 70164 squid_4.6-1+deb10u4.debian.tar.xz Files: 3b52eb01a61b97124a7dc2083fdae828 2829 web optional squid_4.6-1+deb10u4.dsc 5a601a1b56339cfe1bdfa8072808b412 70164 web optional squid_4.6-1+deb10u4.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9GPQJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EF/oP/0gTjFtAvR71k4bKb5ZRvK4OYt+53DaR g2eEncW7ENLONpUlfurwS/d/0P5miIwcjY/88u0M+fWerK6HzghXWtS7Dzoq/fl0 QcJ9zXUe6qNxcxNR8+q/6fo+jBr9GA2fzt2Jhq1UtE34ysYc/kY2O5iHMPpr0x95 2w7RVSElB4kOwtxYg7kF5WrNwcQGgEkLKyA9eTATBR6hMl7HTXULBbj5e8oz0xNb c3kH1FZRwnZ3yR/slh3ViNzB4oeOt8nf3/WFPQ74A6iBdt3G4qNiLsIo6+eqrcmd O96GBuVMo0zcJ0cplNs6SebHsKfrvijuOuI3uSNjVbwNvkscXVlQtwTWhTnvkQxb UrPc3x+gismjCw6uIahsbrD6C1yPjHI48gf9QTGi6qIgJJGWXCN1zhftTRUKxCz4 Nt421xwmQNDw0wpmR66JNybZQ85f8An9XcUP5Mh4YZR13pRSutuozffL622Yy3tv fzNZnuY0Kj8ohwB4u0tpXpxixueZPO4B0Joi1Z4etMihySCxq4FqIiHi/aI222nj cey1/Q/EOZ7AlVaTqiHtsFP8B6p/6OY7opapNDS0RoVBGh1HRiR/Wdd7dRuOBeyf l8MPDiu0t8/yl5wevC+wlrdZMKLSnVIXoZXDrI5wY1sZePMNt+0rb+W/K+H/GGTz bJt2Xa3YYB/c =uzHt -----END PGP SIGNATURE-----
--- End Message ---
