Your message dated Mon, 19 Dec 2016 00:07:24 +0000 with message-id <e1ciluc-0005rx...@fasolo.debian.org> and subject line Bug#848491: fixed in squid3 3.5.23-1 has caused the Debian Bug report #848491, regarding squid3: SQUID-2016:10: Information disclosure in Collapsed Forwarding to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 848491: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848491 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: squid3 Version: 3.5.22-1 Severity: important Tags: security upstream patch fixed-upstream Hi >From http://www.squid-cache.org/Advisories/SQUID-2016_10.txt > Problem Description: > > Due to incorrect comparsion of request headers Squid can deliver > responses containing private data to clients it should not have > reached. A CVE has been requested in http://www.openwall.com/lists/oss-security/2016/12/17/1 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: squid3 Source-Version: 3.5.23-1 We believe that the bug you reported is fixed in the latest version of squid3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 848...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luigi Gangitano <lu...@debian.org> (supplier of updated squid3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 18 Dec 2016 23:39:24 +0200 Source: squid3 Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge Architecture: source amd64 all Version: 3.5.23-1 Distribution: unstable Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Luigi Gangitano <lu...@debian.org> Description: squid - Full featured Web Proxy cache (HTTP proxy) squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-common - Full featured Web Proxy cache (HTTP proxy) - common files squid-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Transitional package squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Closes: 793473 822952 848491 848493 Changes: squid3 (3.5.23-1) unstable; urgency=high . [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release (Closes: #793473, #822952) - Fixes security issue SQUID-2016:10 (CVE-2016-10003) (Closes: #848491) - Fixes security issue SQUID-2016:11 (CVE-2016-10002) (Closes: #848493) . * debian/patches/ - Remove patch included upstream . * debian/tests/ - Use package build-deps when testing so the make commands will work Checksums-Sha1: 197134d8ace06ae54284c6d4196019150be0082d 2397 squid3_3.5.23-1.dsc 6b0b2091896e7874024e5f1e28eeccb0acd7e962 4730792 squid3_3.5.23.orig.tar.gz 49f45d0160c7aa823fd23198cd5aaaee0db6ac78 25460 squid3_3.5.23-1.debian.tar.xz 5f2e8ae27cbb4c93eebf781013389737906c8b6c 164508 squid-cgi_3.5.23-1_amd64.deb 5acd567346d5f80b25011436debb99424be28807 284030 squid-common_3.5.23-1_all.deb 68f59153994461f5fd833427a7b29526f3c1f3bf 21562690 squid-dbg_3.5.23-1_amd64.deb deebbb55e525a7efeebf47ec914453549d31e79d 157000 squid-purge_3.5.23-1_amd64.deb 386b2bca052a123a27fa9738e886f74adcae3c50 138348 squid3_3.5.23-1_all.deb 96125c04c3582c1e391f9023b6e1c536296c208a 8377 squid3_3.5.23-1_amd64.buildinfo 2ce1eb847e2392ed82a6b72b7dfb1d4972404f24 2311344 squid_3.5.23-1_amd64.deb c8e0e90e1b9e862a37b89b93a43c0d4c4cb985e2 168126 squidclient_3.5.23-1_amd64.deb Checksums-Sha256: 38d1ffe9c150c24c98705a5cf15ffa2775319995a18b3d45034e7c052e2bb0ae 2397 squid3_3.5.23-1.dsc f81eeee0fb046ad636566b51fe4f72b8bc66d454d7082ef38e273c3f4b09f6db 4730792 squid3_3.5.23.orig.tar.gz a143ad91de14a1eb9f1d822a26f2b77a91015897f3e06bbed0bdfa50bdcbc7cd 25460 squid3_3.5.23-1.debian.tar.xz 1038c7f95c6f764689781c150571f388194cca9a9b1687b7aa2d1cc8619c2940 164508 squid-cgi_3.5.23-1_amd64.deb d632cdb07913459be218fdf09c8b9b661b176881848a4be5c9a8531cf3f58bc0 284030 squid-common_3.5.23-1_all.deb ab6f1c4c846788d4a2329e81367c1e42ef5e4693b75e7a6ef5796a5fb4fcbd86 21562690 squid-dbg_3.5.23-1_amd64.deb 82c9d6468126d1b146d9c1f259d4e3989fd6f58e96158c4edf5f576696dbb650 157000 squid-purge_3.5.23-1_amd64.deb 9739ddddef3ba4780d577efd6cb09de81388c8ca1ce0037cff8cae83b9900b80 138348 squid3_3.5.23-1_all.deb ea5f09d8ffc02c82f6177d7997487596307d46cfaeb203ba0c303adcc86992b6 8377 squid3_3.5.23-1_amd64.buildinfo 09f8a830164bc6f705dc786245222a00d8683fc1267899055c512ec02808aca3 2311344 squid_3.5.23-1_amd64.deb 6e92d0bc65177acd410b80caf864bb34af0c727beddaed32319f5d24c767bf80 168126 squidclient_3.5.23-1_amd64.deb Files: 3da6149d1248ae7e24d7e95e27619ca8 2397 web optional squid3_3.5.23-1.dsc 49d790ddee8c611ee2992e66eb8e9ae9 4730792 web optional squid3_3.5.23.orig.tar.gz afc0191c3af8ea1ef58254b1d832c9cd 25460 web optional squid3_3.5.23-1.debian.tar.xz d2842282a031b893cbdda3634cada080 164508 web optional squid-cgi_3.5.23-1_amd64.deb 84be34482e662640e02cb0e6357d582e 284030 web optional squid-common_3.5.23-1_all.deb e1649262c944019fbee49dd7b02f399f 21562690 debug extra squid-dbg_3.5.23-1_amd64.deb e1a929456c79c177167c404e83059d28 157000 web optional squid-purge_3.5.23-1_amd64.deb 969b49f6e0d5f0cb413aa1977c65ac6c 138348 oldlibs extra squid3_3.5.23-1_all.deb 38ce40aa262827e466e12a42cb3819db 8377 web optional squid3_3.5.23-1_amd64.buildinfo acc42f6db2c2a2044496ddfb3954169b 2311344 web optional squid_3.5.23-1_amd64.deb 0e13622997986323b0904b86d3859ecf 168126 web optional squidclient_3.5.23-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYVx76AAoJEAKE8gwrqXztssQQAKAhLZ7xeMqSN4lKX3kZuS1D 2CTj+56IsEigpJBzCHhEXN07so4F/4Qn0z8DdBctkBawFJwH7rWRWjM98Zzx40az 0G/QM4cCAjSCOWiNX57frWfVU10sd6/sSvwJ0jyvajlBIzIzgqJ6a0i5NG41JH0Z CBQEE9fWajsP93iJY4JrVbSylUenBhkETdtVmBhHohHTqjAn8Wl6Pnjfs9+eCilG NiNQEeMltqeR2A5aqC6JCu/7ytg3Jnd/xPgQWXq6VtynHhTRsFYLLgzGWZEZGgBM g9nDMx9AhDYfc7xPmiFPnfStf+c7dExhqKEzHH5rLcKAUptvSM6wHYr8xVN+IEX9 V6wUGNDnZqv+lQNk5ZcXLc0uC25LXXyFKbRhcdviL44G3Zb/sy9YJtzxEIobDrHB lYaAVgOUnFx/cCQdqCIhvHeOetUWgrAexbeskovQonPegCTLXIY467BsUtxB2cdF wOmpDGju9gop2HCqIGbkty7Fa5HGbbqrveiDBqye4J2Tz9F856W/nS/iiLy0ma71 S5ClK+U/XFRDmyr0yhAKybaAI4EeiYjN3E+4LSqr++N0KhlawUgxIoQr4aEOXtsM dD8MFIteaZQ5iFYaP3F3riNxiDTsSn43WxfIm07htDDSj9PyG5R78eIA7U3qroi5 KDMpL1rAP1T/uSyZUpAP =A9jc -----END PGP SIGNATURE-----
--- End Message ---
