Your message dated Sun, 06 Jun 2021 14:33:07 +0000 with message-id <e1lptpr-0005ai...@fasolo.debian.org> and subject line Bug#988893: fixed in squid 4.6-1+deb10u6 has caused the Debian Bug report #988893, regarding squid: CVE-2021-28651 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 988893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988893 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: squid Version: 4.13-9 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 4.6-1+deb10u5 Control: found -1 4.6-1+deb10u5 Control: found -1 4.6-1 Hi, The following vulnerability was published for squid. CVE-2021-28651[0]: | Denial of Service in URN processing If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-28651 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651 [1] https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: squid Source-Version: 4.6-1+deb10u6 Done: Santiago Garcia Mantinan <ma...@debian.org> We believe that the bug you reported is fixed in the latest version of squid, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 988...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Garcia Mantinan <ma...@debian.org> (supplier of updated squid package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 31 May 2021 10:39:12 +0200 Source: squid Architecture: source Version: 4.6-1+deb10u6 Distribution: buster-security Urgency: medium Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Santiago Garcia Mantinan <ma...@debian.org> Closes: 988891 988892 988893 989043 Changes: squid (4.6-1+deb10u6) buster-security; urgency=medium . [ Francisco Vilmar Cardoso Ruviaro ] * Add debian/patches/0029-CVE-2021-28651.patch to fix a Denial of Service in URN processing. (Closes: #988893, CVE-2021-28651) . [ Santiago Garcia Mantinan ] * Add patch to fix a Denial of Service in HTTP Response Processing. Fixes: CVE-2021-28662. Closes: #988891. * Add patch to fix a Denial of Service issue in Cache Manager. Fixes: CVE-2021-28652. Closes: #988892. * Add patch to fix Multiple Issues in HTTP Range header. Fixes: CVE-2021-31806 CVE-2021-31807 CVE-2021-31808. Closes: #989043. * Add patch to fix a Denial of Service in HTTP Response processing. Fixes: GHSA-572g-rvwr-6c7f. Checksums-Sha1: 99f89cb70c0c7931444966d5a808a22213dacda7 2674 squid_4.6-1+deb10u6.dsc 90e05d230e983c324c638e68f25ffa2d6af2455f 79260 squid_4.6-1+deb10u6.debian.tar.xz 60e0f1794ac06ec2f295adaa3d50225f6f2f1ca9 7760 squid_4.6-1+deb10u6_source.buildinfo Checksums-Sha256: 552888b2b52066358efc30d0af82e8ac15320050182af85258208694a4119a41 2674 squid_4.6-1+deb10u6.dsc db51d286ceb262def6b57bb4a2eb911033bffd8d63d47f78fbbd483831d3dd9e 79260 squid_4.6-1+deb10u6.debian.tar.xz 5414e73a01f20b193df2f5df771f84d888971cd6ba1184cb0bb36d7bafc7c74c 7760 squid_4.6-1+deb10u6_source.buildinfo Files: 3d26bf3992bcaf73bb37b1c42187fa9f 2674 web optional squid_4.6-1+deb10u6.dsc 87544cacb12faed5be0f5dbff7714db0 79260 web optional squid_4.6-1+deb10u6.debian.tar.xz b922fd3c9081c7cc4f16f09e3c96f372 7760 web optional squid_4.6-1+deb10u6_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBqPldg9hG0uxqQ5ouGiMo9h21aMFAmC1Pn4ACgkQuGiMo9h2 1aMmSg//ffuTmGnxSSCg8gwJ3JCKI5LrkgEy4dvWb/zZi8umckY00iJneDd+gegL PVg7LX+hI/ylBc6C3UoSj7AcoSYzzM3+moTki7WwCrmeBgOtVW6NwVlu7WIdnTlL z1BEYveYYDriIWRxh3iztdBS4O8BSG3BZCIQ5Ry9umqttE/XRPcwXV6dyjpvNXD1 pHNYWAkmvpU4EmpCav05ue/gATTyRp59jV+uS0B+mKeB3ab2NpQpabVXT3nvS9Rj /pUVA+dszmtMBuvfBHKRgnrQ11g+eSRI/09bNX7tBY8uPcr/X/vCdGOZINKS76ZE Rw3bZlmVG076o4QuoozaFkyjZ9z/KnYl0AAhRfiCot7EP/pYeoHzY0X7T9cozlwV OgWYNhZv5KyE2J62ogVCv5aN7KZn0IhvtL1Gr7EYfCZZzKSZ1Jr0lFNRXrF3lyFa OIUvINQNQoeepNPABASzLU/yUi4SecqDrq1bgzyb/d714MXnsxQaX/RiWnrWvxGE Ki6Ty7ecwmsSOoeiLb0XKbmQNYsC+bkDKdJ2H5e66/ez1f2Ir7Eh+Mv6iLHNa201 Gr/bCK89bIhVmCr6YV1wnl9h/PD0LQgTK8NOjQFwTm9LsKKN97CzYrg5i9gXHyXT K5lDNYF70mIUq9vS0v2vQ9dkb2NNgX7HPInj54RCYcCjePzWVPs= =y0iN -----END PGP SIGNATURE-----
--- End Message ---
