Bug#596086: marked as done (CVE-2010-3072: DoS triggered by internal error in string handling)

Sat, 18 Sep 2010 22:03:21 -0700 

Your message dated Sun, 19 Sep 2010 05:02:15 +0000
with message-id <e1oxc2z-0003ui...@franck.debian.org>
and subject line Bug#596086: fixed in squid3 3.1.6-1.1
has caused the Debian Bug report #596086,
regarding CVE-2010-3072: DoS triggered by internal error in string handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
596086: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596086
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: squid3
Severity: grave
Tags: security
Justification: user security hole

Please see http://www.squid-cache.org/Advisories/SQUID-2010_3.txt

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs11-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---
--- Begin Message --- 
Source: squid3
Source-Version: 3.1.6-1.1

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive:

squid-cgi_3.1.6-1.1_amd64.deb
  to main/s/squid3/squid-cgi_3.1.6-1.1_amd64.deb
squid3-common_3.1.6-1.1_all.deb
  to main/s/squid3/squid3-common_3.1.6-1.1_all.deb
squid3-dbg_3.1.6-1.1_amd64.deb
  to main/s/squid3/squid3-dbg_3.1.6-1.1_amd64.deb
squid3_3.1.6-1.1.diff.gz
  to main/s/squid3/squid3_3.1.6-1.1.diff.gz
squid3_3.1.6-1.1.dsc
  to main/s/squid3/squid3_3.1.6-1.1.dsc
squid3_3.1.6-1.1_amd64.deb
  to main/s/squid3/squid3_3.1.6-1.1_amd64.deb
squidclient_3.1.6-1.1_amd64.deb
  to main/s/squid3/squidclient_3.1.6-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 596...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 13 Sep 2010 17:07:51 +1000
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all amd64
Version: 3.1.6-1.1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description: 
 squid-cgi  - A full featured Web Proxy cache (HTTP proxy) - control CGI
 squid3     - A full featured Web Proxy cache (HTTP proxy)
 squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - A full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 596086
Changes: 
 squid3 (3.1.6-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix DoS due to wrong string handling (Closes: #596086)
     Fixes: CVE-2010-3072
Checksums-Sha1: 
 0c30cdcdf2e2890feb82b8e459513a162f0d2a98 1269 squid3_3.1.6-1.1.dsc
 166740246b6f8c077f1c31c7d5387e087caa36c8 18873 squid3_3.1.6-1.1.diff.gz
 5351e7b3d5edeeea9b7542905b68f6a17d0b9319 193770 squid3-common_3.1.6-1.1_all.deb
 a809e1c0ffd1dc400dcf85e99d673e3c5ead0faf 1502952 squid3_3.1.6-1.1_amd64.deb
 cff1c3e2c4f10b7b395dd18827db0ca160f438c3 5614614 squid3-dbg_3.1.6-1.1_amd64.deb
 87b60b8b60e3e95d027040235693c468764b3df5 105408 squidclient_3.1.6-1.1_amd64.deb
 c2496198b1977c85cbf7aa926d0fe9c929103bcf 107808 squid-cgi_3.1.6-1.1_amd64.deb
Checksums-Sha256: 
 c76aaccfeba8724e6e466749c8c3c40597360098690aadf05e0fb602e4b0d5a1 1269 
squid3_3.1.6-1.1.dsc
 e7418f2318d514bcffa90037134b18dfc27dfac1bf1d556107abe2e25fb3df01 18873 
squid3_3.1.6-1.1.diff.gz
 aee9ecca60cb69012ed417d602316b4230411dfed5916f3557808fe8e70cee2f 193770 
squid3-common_3.1.6-1.1_all.deb
 220c2aae5eafc12e825c35e28fdb7a18415fc230a54f1f401a1fb46499d0148c 1502952 
squid3_3.1.6-1.1_amd64.deb
 6f8921fc645709ae29c3e9b663dcdbd3602e23d905e3b6debcfdd082e33bb991 5614614 
squid3-dbg_3.1.6-1.1_amd64.deb
 f07f80a643e618cc446e805d3212f84be07de214d926ca20fa8d3b67f587660f 105408 
squidclient_3.1.6-1.1_amd64.deb
 e5e3c932b1f0b3cbdf31dcd1c833431470697f3fd951182a58672b3e97df3a41 107808 
squid-cgi_3.1.6-1.1_amd64.deb
Files: 
 19a5a6cca364601f75beddaddbf6c702 1269 web optional squid3_3.1.6-1.1.dsc
 111416afbf32cf5f3dc606de91284bc7 18873 web optional squid3_3.1.6-1.1.diff.gz
 59b45a42ca8f6f776b97c02160b10310 193770 web optional 
squid3-common_3.1.6-1.1_all.deb
 bbeb3a554412ea963a92444f51592d11 1502952 web optional 
squid3_3.1.6-1.1_amd64.deb
 39c6179a1b77cbf68873623aa6bf250a 5614614 debug extra 
squid3-dbg_3.1.6-1.1_amd64.deb
 2023ab6817198c745ed8f73c58db8ab8 105408 web optional 
squidclient_3.1.6-1.1_amd64.deb
 3270515530d4a6a00ccab7d22d735c72 107808 web optional 
squid-cgi_3.1.6-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyVlzsACgkQ62zWxYk/rQcs0wCeMeXREaciKoCpxjO7/oYVDQJh
ZWEAoLeedacUSR7of/meeXF822OLSz9C
=jo36
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to