Your message dated Tue, 26 Feb 2013 11:47:04 +0000 with message-id <e1uaizw-0002eq...@franck.debian.org> and subject line Bug#696187: fixed in squid3 3.1.6-1.2+squeeze3 has caused the Debian Bug report #696187, regarding CVE-2012-5643: cachemgr.cgi denial of service to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696187: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696187 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: squid-cgi Version: 3.1.20-2 Severity: important Tags: security http://www.squid-cache.org/Advisories/SQUID-2012_1.txt http://www.openwall.com/lists/oss-security/2012/12/17/3 Problem Description: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests. - Henri Salo
--- End Message ---
--- Begin Message ---Source: squid3 Source-Version: 3.1.6-1.2+squeeze3 We believe that the bug you reported is fixed in the latest version of squid3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated squid3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Feb 2013 14:08:15 +0100 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi Architecture: source all amd64 Version: 3.1.6-1.2+squeeze3 Distribution: stable-security Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: squid-cgi - A full featured Web Proxy cache (HTTP proxy) - control CGI squid3 - A full featured Web Proxy cache (HTTP proxy) squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - A full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility Closes: 696187 Changes: squid3 (3.1.6-1.2+squeeze3) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2012-5643-CVE-2013-0189.dpatch patch. Fix squid-cgi (cachemgr) memory leaks and denial of service vulnerability: remote attackers could cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. CVE-2012-5643 and CVE-2013-0189. (Closes: #696187) Checksums-Sha1: c5f6749082a7f2fb4e2f040b2bc0cecfef97e81a 1945 squid3_3.1.6-1.2+squeeze3.dsc b2208a200998e98a02596d3c8f4dad6763746c53 23044 squid3_3.1.6-1.2+squeeze3.diff.gz 6380ea78d9eadc573d8e51cccaaf113e092544cf 196062 squid3-common_3.1.6-1.2+squeeze3_all.deb 8d55afc54170c79003164e6efaebd24f5d3992c2 1503786 squid3_3.1.6-1.2+squeeze3_amd64.deb 2405080e5f4af1146660e022f3f6c5cb6e0d9b58 5630368 squid3-dbg_3.1.6-1.2+squeeze3_amd64.deb d65ed2ccc4ad390a9b090f301a748c04a9bd2337 106596 squidclient_3.1.6-1.2+squeeze3_amd64.deb cfaf934f65485e93dd42c680e56345e65f7592aa 109162 squid-cgi_3.1.6-1.2+squeeze3_amd64.deb Checksums-Sha256: 4e240bc5b701735fd66f8a4f6c9be1b81cd427810f9f4836e3fa6ce33ab20e70 1945 squid3_3.1.6-1.2+squeeze3.dsc edf23b6e2a9773e4aedb9e87f281b5cf59574db7171a15d634ab5d32e8bac82c 23044 squid3_3.1.6-1.2+squeeze3.diff.gz cf066c363753e37d32acebb3c4b6b9e0a28cbbd743a1ad6d58ce2036f70ff313 196062 squid3-common_3.1.6-1.2+squeeze3_all.deb 6221b0bb02cf7d4acc855e119660c0e8e5c6d463ae40ba51939b03437003db76 1503786 squid3_3.1.6-1.2+squeeze3_amd64.deb 866d213ed26f42c62752a56c2007ebf41377ef459367f7da5ae1b4ccc8c0af11 5630368 squid3-dbg_3.1.6-1.2+squeeze3_amd64.deb 4d30058966703e44bf7f93a57213294814706de00e8ab57735e8e5662e2d2d6b 106596 squidclient_3.1.6-1.2+squeeze3_amd64.deb dd991d13eaa5e17d8c1c3d93b2cfa9ef98571417348a357582ccd160238ad037 109162 squid-cgi_3.1.6-1.2+squeeze3_amd64.deb Files: c7754aa210a9bec4b70cffe5e76162e4 1945 web optional squid3_3.1.6-1.2+squeeze3.dsc 1e5c47a57390e3687ef07af9a54f9807 23044 web optional squid3_3.1.6-1.2+squeeze3.diff.gz 25c25ea08cff7d1564f43781118367d1 196062 web optional squid3-common_3.1.6-1.2+squeeze3_all.deb b232b0475053ee02b141cbd1a0868d92 1503786 web optional squid3_3.1.6-1.2+squeeze3_amd64.deb a692f9ebb0fe2b40f25f84b4fee1a61e 5630368 debug extra squid3-dbg_3.1.6-1.2+squeeze3_amd64.deb 5d043aec9d7ab49fa38cb391c5592acd 106596 web optional squidclient_3.1.6-1.2+squeeze3_amd64.deb 1fe4e32221676902f7f55f16ff50b3fe 109162 web optional squid-cgi_3.1.6-1.2+squeeze3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJRKOr3AAoJEHidbwV/2GP+tMcQAMWU9vk02JoPV5guWGLTPUzp hvH78ARaDvVwwgfghLm3PtJNNJrQiuYmTTQ5lXiSzMgagvMewtlKCSZ5CW6psoXN oRN0pK3zBMvTKQb89eGmqFu572uZ+6VZVYOAwuIzaD4Ogf3u6Yss68x3ldTkBUk4 xCUkTVQfK/KwOuUA5nV9yJ9xbSit2Ss2SSPMpJeLUjhy1iiM8wUqmzFzu1qfZO0q tG4PH6ycPehkD6sTubZ5FXArLavlIAcLOyItGrxRxehY2e2IUnmvSpLNlbUPTRzk oe1ySXd1kGjLv1lBTDkZpxZvOjF5m/bNqgfkl2G5wk/NDp1msVfFewv4X0qR87FI +P7P7Q/Hp4LecbU7k++zX3kfqb6cWtHnoSTa0bMhHmBH29KpqYgXaUVwdL1HkL+K iScDh4hKCbqSO5RGCdpLyUK+BCl2u+k0rPnu8yt2jFQRnFIg50gI1N0OWhd+11EX AhpE9QBi5/o8SmwnvVLwnAwIB5p9wuogxZSKMc85wCihflVkvaBZElY4lywhI62H 1vTJTkZb3WFka7iYVGeHnLORa+3y0AnlTdnRzTSqMXvqWukVzRLwpJnmgsXqb49B hk6hUvoiypZdkg2yGWMxofvNPy3Nc0sPRUwo4wIfvBxCQmwdpveMk72MaZ48qEQc ym5P/6RzFY3lMjHIffCA =/EFi -----END PGP SIGNATURE-----
--- End Message ---
