Your message dated Thu, 05 Feb 2009 19:47:13 +0000
with message-id <e1lvabt-00078p...@ries.debian.org>
and subject line Bug#514142: fixed in squid 2.7.STABLE3-4.1
has caused the Debian Bug report #514142,
regarding squid: denial of service via crafted request
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
514142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: squid
Severity: grave
Tags: security
Justification: user security hole
Hi

A DoS issue has been reported[0] for squid. So far I cannot see the
vulnerable code in the stable release, but it would be nice if you
could check that as well. Lenny seems to be affected and needs fixing.

I've just built updated packages for testing-security with the
upstream patch[1]. At first glance, the patch looked ok. I'll need
to test the packages and do some further checking, but would appreciate
some comments.

Cheers
Steffen

[0]: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
[1]: http://klecker.debian.org/~white/squid/
--- End Message ---
--- Begin Message ---
Source: squid
Source-Version: 2.7.STABLE3-4.1
We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive:
squid-cgi_2.7.STABLE3-4.1_i386.deb
  to pool/main/s/squid/squid-cgi_2.7.STABLE3-4.1_i386.deb
squid-common_2.7.STABLE3-4.1_all.deb
  to pool/main/s/squid/squid-common_2.7.STABLE3-4.1_all.deb
squid_2.7.STABLE3-4.1.diff.gz
  to pool/main/s/squid/squid_2.7.STABLE3-4.1.diff.gz
squid_2.7.STABLE3-4.1.dsc
  to pool/main/s/squid/squid_2.7.STABLE3-4.1.dsc
squid_2.7.STABLE3-4.1_i386.deb
  to pool/main/s/squid/squid_2.7.STABLE3-4.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 514...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated squid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 05 Feb 2009 18:28:57 +0000
Source: squid
Binary: squid squid-common squid-cgi
Architecture: source all i386
Version: 2.7.STABLE3-4.1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description:
squid - Internet object cache (WWW proxy cache)
squid-cgi - Squid cache manager CGI program
squid-common - Internet object cache (WWW proxy cache) - common files
Closes: 514142
Changes:
squid (2.7.STABLE3-4.1) unstable; urgency=high
.
* Non-maintainer upload by the security team
* Include upstream patch to fix DoS via error in request processing
code (Closes: #514142)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmLPrgACgkQ62zWxYk/rQd+twCdGWr+t3pvgvvVN2ZrKFQA+ltx
3OYAoJDx0/9+70Mqs2MVsvgmd37PLCDb
=vMp7
-----END PGP SIGNATURE-----
--- End Message ---