Your message dated Thu, 18 Jan 2024 12:57:52 +0000
with message-id <e1rqrxw-0035i6...@fasolo.debian.org>
and subject line Bug#1058721: fixed in squid 6.6-1
has caused the Debian Bug report #1058721,
regarding squid: CVE-2023-50269: SQUID-2023:10: Denial of Service in HTTP 
Request parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1058721: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058721
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: squid
Version: 6.5-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for squid.

CVE-2023-50269[0]:
| Squid is a caching proxy for the Web. Due to an Uncontrolled
| Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1
| through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable
| to a Denial of Service attack against HTTP Request parsing. This
| problem allows a remote client to perform a Denial of Service attack
| by sending a large X-Forwarded-For header when the
| follow_x_forwarded_for feature is configured. This bug is fixed by
| Squid version 6.6. In addition, patches addressing this problem for
| the stable releases can be found in Squid's patch archives.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50269
    https://www.cve.org/CVERecord?id=CVE-2023-50269
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
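
The two conditions in the CVE text above (a version inside the listed ranges, and follow_x_forwarded_for configured) can be checked together. The following is an added example, not part of the bug report or of Squid or Debian tooling. The sample configuration is constructed, the function names are hypothetical, and the check reads version numbers only, so a stable-release package that carries a backported patch still shows as inside the range and needs a changelog check.

```python
import re

# Constructed sample squid.conf, for illustration only.
SAMPLE_CONF = """\
http_port 3128
acl frontends src 10.0.0.0/8
#follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow frontends
follow_x_forwarded_for deny all
"""

def upstream_tuple(version):
    """'1:6.5-1', '5.7-2+deb12u1', '2.7.STABLE9' -> (major, minor, patch)."""
    v = version.split(":", 1)[-1]   # drop a Debian epoch, if any
    v = v.rsplit("-", 1)[0]         # drop the Debian revision, if any
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised Squid version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_in_affected_range(version):
    """Ranges from the CVE text: 2.6-2.7.STABLE9, 3.1-5.9, 6.0.1-6.5."""
    major, minor, patch = upstream_tuple(version)
    mm = (major, minor)
    # Simplification (assumption): every 2.6.x and 2.7.x counts as affected.
    return ((2, 6) <= mm <= (2, 7)
            or (3, 1) <= mm <= (5, 9)
            or ((6, 0, 1) <= (major, minor, patch) and mm <= (6, 5)))

def active_xff_rules(conf_text):
    """Uncommented follow_x_forwarded_for lines (allow and deny alike)."""
    rules = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()   # strip comments
        if line.split()[:1] == ["follow_x_forwarded_for"]:
            rules.append(line)
    return rules

def triage(version, conf_text):
    """Combine both conditions from the CVE description."""
    if not version_in_affected_range(version):
        return "version outside affected ranges"
    if active_xff_rules(conf_text):
        return "affected range and follow_x_forwarded_for configured"
    return "affected range, follow_x_forwarded_for not configured"

if __name__ == "__main__":
    for v in ("6.5-1", "6.6-1"):
        print(v, "->", triage(v, SAMPLE_CONF))
```

Files pulled in through squid.conf include directives are not followed here; pass their concatenated text to cover them.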
--- Begin Message ---
Source: squid
Source-Version: 6.6-1
Done: Luigi Gangitano <lu...@debian.org>

We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1058...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <lu...@debian.org> (supplier of updated squid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 18 Jan 2024 13:04:20 +0100
Source: squid
Architecture: source
Version: 6.6-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Luigi Gangitano <lu...@debian.org>
Closes: 1058721 1058860
Changes:
 squid (6.6-1) unstable; urgency=high
 .
   [ Amos Jeffries <amosjeffr...@squid-cache.org> ]
   * New Upstream Release 6.6
     Fixes: CVE-2023-50269. SQUID-2023:10 (Closes: #1058721)
 .
   [ Luigi Gangitano <lu...@debian.org> ]
   * debian/patches/
     - Refreshed patches
 .
   * debian/squid-openssl.dirs
     - Stop creating empty /lib/systemd/system directory (Closes: #1058860)
 .
   * debian/changelog
     - Fixed typo in CVE reference

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
