Bug#596086: marked as done (CVE-2010-3072: DoS triggered by internal error in string handling)

Fri, 24 Sep 2010 13:03:23 -0700 

Your message dated Fri, 24 Sep 2010 20:00:03 +0000
with message-id <e1ozer9-0005wu...@franck.debian.org>
and subject line Bug#596086: fixed in squid3 3.0.STABLE8-3+lenny4
has caused the Debian Bug report #596086,
regarding CVE-2010-3072: DoS triggered by internal error in string handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
596086: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596086
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: squid3
Severity: grave
Tags: security
Justification: user security hole

Please see http://www.squid-cache.org/Advisories/SQUID-2010_3.txt

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs11-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---
--- Begin Message --- 
Source: squid3
Source-Version: 3.0.STABLE8-3+lenny4

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive:

squid3-cgi_3.0.STABLE8-3+lenny4_amd64.deb
  to main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny4_amd64.deb
squid3-common_3.0.STABLE8-3+lenny4_all.deb
  to main/s/squid3/squid3-common_3.0.STABLE8-3+lenny4_all.deb
squid3_3.0.STABLE8-3+lenny4.diff.gz
  to main/s/squid3/squid3_3.0.STABLE8-3+lenny4.diff.gz
squid3_3.0.STABLE8-3+lenny4.dsc
  to main/s/squid3/squid3_3.0.STABLE8-3+lenny4.dsc
squid3_3.0.STABLE8-3+lenny4_amd64.deb
  to main/s/squid3/squid3_3.0.STABLE8-3+lenny4_amd64.deb
squidclient_3.0.STABLE8-3+lenny4_amd64.deb
  to main/s/squid3/squidclient_3.0.STABLE8-3+lenny4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 596...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 18 Sep 2010 17:34:19 +1000
Source: squid3
Binary: squid3 squid3-common squidclient squid3-cgi
Architecture: source all amd64
Version: 3.0.STABLE8-3+lenny4
Distribution: stable-security
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Steffen Joeris <wh...@debian.org>
Description: 
 squid3     - A full featured Web Proxy cache (HTTP proxy)
 squid3-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI
 squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files
 squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 596086
Changes: 
 squid3 (3.0.STABLE8-3+lenny4) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix DoS due to wrong string handling (Closes: #596086)
     Fixes: CVE-2010-3072
Checksums-Sha1: 
 0a1383e3efcfa4d3f6e14e1f6ddfebd79e4ac8ad 1193 squid3_3.0.STABLE8-3+lenny4.dsc
 00660cd64338e172b14a76a1bf1b149a2dd5ab74 20699 
squid3_3.0.STABLE8-3+lenny4.diff.gz
 0c46529de1430e9a5bca4561e8a498d7fb976a20 289406 
squid3-common_3.0.STABLE8-3+lenny4_all.deb
 6de2daa9f14fcc761ccf77e9244b1bb27ce976d8 1008578 
squid3_3.0.STABLE8-3+lenny4_amd64.deb
 338c55b0a18db3025d220a7de18077feba68689d 89072 
squidclient_3.0.STABLE8-3+lenny4_amd64.deb
 d105783ca03c17987b85bac50aa57656f93326d5 92634 
squid3-cgi_3.0.STABLE8-3+lenny4_amd64.deb
Checksums-Sha256: 
 c8951b37df5b1d346fe39bef3a9e7ae948020028fc513b1bf7fa38a51d106408 1193 
squid3_3.0.STABLE8-3+lenny4.dsc
 663b6f6b44faf2e805e8f9a99a59cf02a4ad19fb79b929f8ca940c50a2347de7 20699 
squid3_3.0.STABLE8-3+lenny4.diff.gz
 eecefebd05dccd103a0a45284da64f4a71676583b9f3da9cd3a164d9f4ed2bd1 289406 
squid3-common_3.0.STABLE8-3+lenny4_all.deb
 1d6d0774bc4961955a2c740b4dc0df6945cd0a9ce552400220cfaddb1b8cb389 1008578 
squid3_3.0.STABLE8-3+lenny4_amd64.deb
 16942b87aff2caa0b1a553d0955b8d28ef151f26d96873946e7c117ce4bffea8 89072 
squidclient_3.0.STABLE8-3+lenny4_amd64.deb
 8d9a3792e585a205fa5546d051f3eec94097f78ac6d46646f8aab0a762638ee4 92634 
squid3-cgi_3.0.STABLE8-3+lenny4_amd64.deb
Files: 
 c301ce03c043f892a1dab392b82f5454 1193 web optional 
squid3_3.0.STABLE8-3+lenny4.dsc
 8660e684fab99044d17ee435cd8718d9 20699 web optional 
squid3_3.0.STABLE8-3+lenny4.diff.gz
 954e5536f90c542c1fc7300fc9a6ad0e 289406 web optional 
squid3-common_3.0.STABLE8-3+lenny4_all.deb
 55e7a138a3cf2ac850757bdb3dc80d65 1008578 web optional 
squid3_3.0.STABLE8-3+lenny4_amd64.deb
 0c3df278512da844a33cc3e4294f0860 89072 web optional 
squidclient_3.0.STABLE8-3+lenny4_amd64.deb
 13a26c111e3344c2e0bc2da0291c0b26 92634 web optional 
squid3-cgi_3.0.STABLE8-3+lenny4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyVlTcACgkQ62zWxYk/rQdjtwCffQRfq0hXgfywxEos5qxDsxks
UQ4AnRGqo+K1krtGaxFdEgYpxJwb3860
=u/dw
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to