Your message dated Wed, 21 Aug 2024 20:32:45 +0000
with message-id <e1sgs0b-00dtsh...@fasolo.debian.org>
and subject line Bug#1074284: fixed in squid 5.7-2+deb12u2
has caused the Debian Bug report #1074284,
regarding squid: CVE-2024-37894
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1074284: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074284
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: squid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for squid.

CVE-2024-37894[0]:
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP,
| and more. Due to an Out-of-bounds Write error when assigning ESI
| variables, Squid is susceptible to a Memory Corruption error. This
| error can lead to a Denial of Service attack.

https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg

https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04 (master)
https://github.com/squid-cache/squid/commit/67f5496f7b72e698ad0f5aa3512c83089424f27f (v6)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-37894
    https://www.cve.org/CVERecord?id=CVE-2024-37894

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: squid
Source-Version: 5.7-2+deb12u2
Done: Moritz Mühlenhoff <j...@debian.org>

We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated squid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Aug 2024 17:02:55 +0200
Source: squid
Architecture: source
Version: 5.7-2+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Closes: 1074284
Changes:
 squid (5.7-2+deb12u2) bookworm-security; urgency=medium
 .
   * CVE-2024-37894 (Closes: #1074284)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
