Your message dated Sat, 27 Mar 2021 11:18:01 +0000
with message-id <e1lq6x7-000i7e...@fasolo.debian.org>
and subject line Bug#985068: fixed in squid 4.6-1+deb10u5
has caused the Debian Bug report #985068,
regarding squid: CVE-2020-25097: SQUID-2020:11 HTTP Request Smuggling
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
985068: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985068
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: squid
Version: 4.13-7
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 4.13-5
Control: found -1 4.6-1+deb10u4
Control: found -1 4.6-1
Hi,
The following vulnerability was published for squid.
CVE-2020-25097[0]:
| SQUID-2020:11 HTTP Request Smuggling
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-25097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25097
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: squid
Source-Version: 4.6-1+deb10u5
Done: Santiago García Mantiñán <ma...@debian.org>
We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 985...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago García Mantiñán <ma...@debian.org> (supplier of updated squid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 22 Mar 2021 10:37:24 +0100
Source: squid
Architecture: source
Version: 4.6-1+deb10u5
Distribution: buster-security
Urgency: medium
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Santiago García Mantiñán <ma...@debian.org>
Closes: 985068
Changes:
squid (4.6-1+deb10u5) buster-security; urgency=medium
.
* SQUID-2020:11 HTTP Request Smuggling (CVE-2020-25097) (Closes: #985068)
Checksums-Sha1:
c32d76df0370d3fd126db260e2fefb0ee9d0d5a1 2674 squid_4.6-1+deb10u5.dsc
7f2978326f7940b85902cd1cbc5be2519badb682 70448
squid_4.6-1+deb10u5.debian.tar.xz
2284760f673577d26df3ac9a56aeb121e07a7b79 7771
squid_4.6-1+deb10u5_source.buildinfo
Checksums-Sha256:
ac58647fa9727f3f662eb91ba16f3a34d8d3f7808300183cf104b16a8e97bf38 2674
squid_4.6-1+deb10u5.dsc
74f2b98a46ef005748d7a1d3426920261020faefcd39359626cbfed6f9f869b3 70448
squid_4.6-1+deb10u5.debian.tar.xz
8431aed20d8fd54405739023262db28312a7c73a31394c4f050c6600a83159c2 7771
squid_4.6-1+deb10u5_source.buildinfo
Files:
1865de4107d5a563a77bf1962d17a5bd 2674 web optional squid_4.6-1+deb10u5.dsc
82262afd784a621b6ac04704c65f7c0b 70448 web optional
squid_4.6-1+deb10u5.debian.tar.xz
fd92a815656f384189f659fa75ef3fb4 7771 web optional
squid_4.6-1+deb10u5_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBqPldg9hG0uxqQ5ouGiMo9h21aMFAmBZj7MACgkQuGiMo9h2
1aMMZxAAgFZOEae6DW9wECi7JOEjT5oIW5iKkvlQ1TaKCUC8yIkEAw2BJVSeVfJz
1CwJRaXKBWNmqzFvvUDV7xud7slL8r9PHqZ5gWYeADYstpe9wyrPrRofyjCd/+4E
isBS6+yOCeicuazkWX586ZjVTHVums6aoBrsnORWsTpcX5qG8b69+D7ZU5KQt+fe
NeIo1AT0hoKIEjQ7sl77MW1xfsO/pAtidw9K1wNCTrDoMS1CaNuFq19JHmeDtr1g
AH29BHw3o1eoQOwnDRkmeDIwOz05ihxyWfpxqCu7QkIK8DTvdT+KAE3l4SxN8ZnX
6Dl9sE2PUcvV3k6aY3pbSnWI2TykrvbK9iIizHKEybvSSi7HxBKZwb+DHvX/4nwB
oEXKLkF2AU1Bh7oN6hAZQOhsyZWIWouDcD6hcQGqdsGp73JmqWHagNCNEUx/fdjM
NgcKctjemrWJ857zFhFiWy/HFMQa+LByqkHJauP6SJbI6eqDIRSnh+qe4jmU0PdU
Lv8wOHA9inu/pJMAaiskWX7JyjVF3jnV9YHmPn9nSU7RhK3pNIbbgfqLiVjVBhkp
/XXEoXPQTt8kPrti6y8eOHLMG3q8Bq3EPLSaN86D02e+Um/njfr2lH6DJOE4scPm
iNPGkLGnBVdfb3bSF8NTOX2uqw7rvh8Q70Qd6YKay928usn72Xg=
=z0ON
-----END PGP SIGNATURE-----
--- End Message ---
