Your message dated Sun, 9 Aug 2009 00:40:37 +0200
with message-id <2db1986a-108b-4333-a044-2b4cdceb5...@debian.org>
and subject line Re: Bug#538989: Regression
has caused the Debian Bug report #538989,
regarding squid3: multiple debian of services vectors on response/request
processing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
538989: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538989
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: squid3
Severity: grave
Tags: security patch
Hi,
the following security issue was published for squid3:
| Due to incorrect buffer limits and related bound checks Squid
| is vulnerable to a denial of service attack when processing
| specially crafted requests or responses.
|
| Due to incorrect data validation Squid is vulnerable to a denial
| of service attack when processing specially crafted responses.
Unfortunately there is no CVE id for this yet.
For further information see:
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
this also links patches.
Cheers
Nico
P.S. stable update on its way
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
pgpfSPHufBZKb.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 3.0.STABLE16-2.1
This security issue was resolved in package version 3.0.STABLE16-2.1
for sid/squeeze and 3.0.STABLE8-3+lenny1 for lenny.
Regards,
L
--
Luigi Gangitano -- <lu...@debian.org> -- <gangit...@lugroma3.org>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26
--- End Message ---
