Your message dated Sun, 21 Mar 2021 01:19:26 +0000 with message-id <e1lnmky-000ic6...@fasolo.debian.org> and subject line Bug#985068: fixed in squid 4.13-8 has caused the Debian Bug report #985068, regarding squid: CVE-2020-25097: SQUID-2020:11 HTTP Request Smuggling to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 985068: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985068 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: squid Version: 4.13-7 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 4.13-5 Control: found -1 4.6-1+deb10u4 Control: found -1 4.6-1 Hi, The following vulnerability was published for squid. CVE-2020-25097[0]: | SQUID-2020:11 HTTP Request Smuggling If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-25097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25097 [1] https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: squid Source-Version: 4.13-8 Done: Santiago Garcia Mantinan <ma...@debian.org> We believe that the bug you reported is fixed in the latest version of squid, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 985...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Garcia Mantinan <ma...@debian.org> (supplier of updated squid package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 21 Mar 2021 00:58:29 +0100 Source: squid Architecture: source Version: 4.13-8 Distribution: unstable Urgency: medium Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Santiago Garcia Mantinan <ma...@debian.org> Closes: 985068 Changes: squid (4.13-8) unstable; urgency=medium . * Add SQUID-2020_11.patch to fix HTTP Request Smuggling. Fixes: CVE-2020-25097. Closes: #985068. Checksums-Sha1: 12cc5b6cf9cf2b49868f7011115395ebd388f968 2952 squid_4.13-8.dsc bb35d49ef6bb18c1a468959e828ba005a5a5a93f 42472 squid_4.13-8.debian.tar.xz f2b38fb8678f6b52d78dc26913868d9304e6b552 7802 squid_4.13-8_source.buildinfo Checksums-Sha256: a676fd87ed8feab8d3605fb94ca53d2f264ce54b30c0a5ae9b6dfdfb111bc4b9 2952 squid_4.13-8.dsc 0345e759a442b879dc1d86dc2ab58f07be4f31ca0e1bce508805446fad9c8e85 42472 squid_4.13-8.debian.tar.xz af292fa612e88d4d4d21176edf999f34d5b6db05d7b1520a84b49f460be96555 7802 squid_4.13-8_source.buildinfo Files: 6d769ccc14cbcd1ec1420a0bf0fa1e45 2952 web optional squid_4.13-8.dsc b635fb9c3e25410a97f2cf7c94dc27c9 42472 web optional squid_4.13-8.debian.tar.xz 903d385937eaa1f12d9cc69dde8432ed 7802 web optional squid_4.13-8_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBqPldg9hG0uxqQ5ouGiMo9h21aMFAmBWmcIACgkQuGiMo9h2 1aPF+xAAzDkJoYwKl2FulpC5n1JZ3EpDYxbz11Da4Hp7m7Pwfd5dNr2Lq5P94XjB UJ3LSTVIY6B78I2UAOilGQRgPOzmW3cGVznQ704qvmry4ryqyASFyQgszFBufH4z joaqfViYGOTSisFo08ONp9wTLNXLJAkJJrnMcJXFDiqHJjka9NmqxXSZaR9V0ElW YHsTwaPem6iR6wz/F7RKR/dbOvTaCCSq17pmYD31fBYUGS2UWmlEak2M4JoPXrC2 YxJOMabLej+vTY6Uu3pdT3aQ/eeaCE2O8zOG4YLYxRxpyxQy7LzCGYLPitqZFDrQ TuKrqcvrWhdrGxT3470MK3eVbbCTzmZ+/VsFB+o56vsPVL3NaDsjJ8Ud22vzb60q XnRlRvWkOO+10UYFZT63YU+AmxgcJDm09p4WynLWL7I+WL2fIf+KkKRjPUqbnspt 4Jme8bMkpbDhwmm7YZC4EbN6KWMv06FzJAlhxrWNc7gDxUuDIZVUQznbv7m3QMWl Iz8TQE8Sp72LGZ9xl3TxFjXNOXCOWOrU7HRVCUMNCWHwvrpwLSAj8uN5Bfqyc+lZ 802zzEgY+kSgmhVQOYSSm3GuHidBzSwF3Q1U8ZacOi5K4syn7+QNcr7WZ5uzHTE5 h7zTnVYCGmS8OIYAXHmiMcR5QPCN8vXlHxqPKqSbHgESSgYkVKw= =/tcl -----END PGP SIGNATURE-----
--- End Message ---
