Your message dated Sun, 21 Jul 2013 23:05:25 +0000 with message-id <e1v12gv-0004kv...@franck.debian.org> and subject line Bug#716743: fixed in squid3 3.3.8-1 has caused the Debian Bug report #716743, regarding squid3: CVE-2013-4115 CVE-2013-4123 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 716743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716743 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: squid3 Severity: grave Tags: security Justification: user security hole This was assigned CVE-2013-4115: http://www.squid-cache.org/Advisories/SQUID-2013_2.txt Since this only affects 3.2 and later oldstable and stable are not affected. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: squid3 Source-Version: 3.3.8-1 We believe that the bug you reported is fixed in the latest version of squid3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 716...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luigi Gangitano <lu...@debian.org> (supplier of updated squid3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 21 Jul 2013 18:28:36 +0200 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge Architecture: source all i386 Version: 3.3.8-1 Distribution: unstable Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Luigi Gangitano <lu...@debian.org> Description: squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Closes: 683255 710126 716743 Changes: squid3 (3.3.8-1) unstable; urgency=high . * Urgency high due to security fixes . * New upstream release - Fixes security issues (Closes: #716743) + Buffer overflow in HTTP request handling (Ref: SQUID-2013:2, CVE-2013-4115) + DoS in request processing (Ref: SQUID-2013:3, CVE-2013-4123) - Includes PNG image used in error pages, with new copyright assignement (Closes: #683255) . * Added /var/run/squid3 dir to host sockets in SMP configuration (Closes: #710126) . * debian/control - Bumped Standard-Version to 3.9.4, no change needed Checksums-Sha1: 29b982c82709ef6c54d2de39293a5eef9c54d68e 1530 squid3_3.3.8-1.dsc 127c8252577bce25b62cb0d05b0fef7f3f379c23 2992708 squid3_3.3.8.orig.tar.bz2 35c8e4e202afdd212c93daf8a3227336d13ffbed 21184 squid3_3.3.8-1.debian.tar.gz 970be05ad424d557d29266c23b9c94559dc929e1 248802 squid3-common_3.3.8-1_all.deb 7cb282a4211f18e491ffdd81b50b368f8ce73bca 2336992 squid3_3.3.8-1_i386.deb 336c3a26dab65bc6550dbdf444f6532a395946c7 14453232 squid3-dbg_3.3.8-1_i386.deb 1ce5033441f00cd77e68f2687fc9027cec69cffd 127178 squidclient_3.3.8-1_i386.deb d4004d225785eab90c30bbe0bb149a475e9a4f7c 130384 squid-cgi_3.3.8-1_i386.deb 813c1e50b323b21922a22f541ccffb55874543ae 119918 squid-purge_3.3.8-1_i386.deb Checksums-Sha256: 67c2c5358449ad86b055e608a5ce6016c49b696fc38331d0b4a050d56071dd06 1530 squid3_3.3.8-1.dsc 6411f344510e780f9e579851151278e1d02d8fe06a56abb1d97b1c53c61326a1 2992708 squid3_3.3.8.orig.tar.bz2 123074ae98e0e98963be691b2867de470663ac6f90720ba22d012398ae958e78 21184 squid3_3.3.8-1.debian.tar.gz 22918ea8feca205c786edddd75942a394164ca6ec648132d4e756e77e115c4fa 248802 squid3-common_3.3.8-1_all.deb e38acb63d8abd9e55842a899470e7e71578f02332956a5e2b0d1e203babc59ee 2336992 squid3_3.3.8-1_i386.deb bb48b464fa32937924d93931e4bc1921f634ade2386ff8d94f1c6820abec8796 14453232 squid3-dbg_3.3.8-1_i386.deb edfc36b7f07e6408fa02884db934db567051b22350d1e8f079f44035d58a8e2a 127178 squidclient_3.3.8-1_i386.deb 4c45e619d0c29294a873052b8e08253839cfe12351d9a2dcb3ab25800d78d6f5 130384 squid-cgi_3.3.8-1_i386.deb ed78cbf694de834feee2b9017d0c6439a3e3f3fa96142e25fb87157710c9949c 119918 squid-purge_3.3.8-1_i386.deb Files: 5457e74de1151bf4de9a63a2dde5a904 1530 web optional squid3_3.3.8-1.dsc ec1654d28e29bdd2ee342ffb655ecc72 2992708 web optional squid3_3.3.8.orig.tar.bz2 d2b412af22ed83a3421eb1eb87a6c383 21184 web optional squid3_3.3.8-1.debian.tar.gz 74098a01d5b095badb7cd6be541052e7 248802 web optional squid3-common_3.3.8-1_all.deb de8b893ae360d95f65d4728ca6a2dada 2336992 web optional squid3_3.3.8-1_i386.deb 91b6a9ee0c9941f522fde911b510c115 14453232 debug extra squid3-dbg_3.3.8-1_i386.deb 905f811921f712559887a48f41dabc5f 127178 web optional squidclient_3.3.8-1_i386.deb cfdc5dc7b328568fcb403c8f8b45010d 130384 web optional squid-cgi_3.3.8-1_i386.deb 2e3912cf5f9ce2b29e803d8b4fd1483f 119918 web optional squid-purge_3.3.8-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Darwin) iEYEARECAAYFAlHsZGYACgkQ8ZumGJJMDCbCKQCeIx8yksq/+y25xxDWjNHDEK6e rowAmwf4eedtcwJqLqqZiuRlBQMJFQmg =OqMJ -----END PGP SIGNATURE-----
--- End Message ---
