Your message dated Fri, 30 Apr 2010 11:17:51 +0000
with message-id <e1o7oeb-0005ws...@ries.debian.org>
and subject line Bug#553319: fixed in squidguard 1.2.0-9
has caused the Debian Bug report #553319,
regarding CVE-2009-3826, CVE-2009-3700
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
553319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553319
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: squidguard
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for squidguard.

CVE-2009-3826[0]:
| Multiple buffer overflows in squidGuard 1.4 allow remote attackers to
| bypass intended URL blocking via a long URL, related to (1) the
| relationship between a certain buffer size in squidGuard and a certain
| buffer size in Squid and (2) a redirect URL that contains information
| about the originally requested URL.

CVE-2009-3700[1]:
| Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
| attackers to cause a denial of service (application hang or loss of
| blocking functionality) via a long URL with many / (slash) characters,
| related to "emergency mode."

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3826
    http://security-tracker.debian.org/tracker/CVE-2009-3826
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3700
    http://security-tracker.debian.org/tracker/CVE-2009-3700


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrqnvwACgkQNxpp46476aosywCdG1RhnDUXFIt6fMam/qpeyhdy
C34AoIe1UrEymK7C9iJ6fZMe7WyT8oKu
=Lucd
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: squidguard
Source-Version: 1.2.0-9

We believe that the bug you reported is fixed in the latest version of
squidguard, which is due to be installed in the Debian FTP archive:

squidguard_1.2.0-9.diff.gz
  to main/s/squidguard/squidguard_1.2.0-9.diff.gz
squidguard_1.2.0-9.dsc
  to main/s/squidguard/squidguard_1.2.0-9.dsc
squidguard_1.2.0-9_i386.deb
  to main/s/squidguard/squidguard_1.2.0-9_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 553...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <s...@debian.org> (supplier of updated squidguard package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 30 Apr 2010 12:52:19 +0200
Source: squidguard
Binary: squidguard
Architecture: source i386
Version: 1.2.0-9
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Sebastien Delafond <s...@debian.org>
Description: 
 squidguard - filter, redirector and access controller plug for Squid
Closes: 553319
Changes: 
 squidguard (1.2.0-9) unstable; urgency=high
 .
   * Non-maintainer upload for security issues.
   * Security: fix buffer overflow in sgLog.c.
     Fixes: CVE-2009-3700.
   * Security: fix buffer overflow in sgDiv.c.
     Fixes: CVE-2009-3700.
   * Closes: #553319 (two security issues described above).
   * Setting maintained to QA.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvauNUACgkQiZgNKcDdyD8chACdGCKCGgXlt1ePitJHKUc01Wdm
C+MAnRB9ZlpVqdQvDbeAc7RRBW7uPdxT
=1zzn
-----END PGP SIGNATURE-----



--- End Message ---
