Your message dated Wed, 22 Oct 2025 18:19:55 +0000
with message-id <[email protected]>
and subject line Bug#1118341: fixed in squid 7.2-1
has caused the Debian Bug report #1118341,
regarding squid: CVE-2025-62168
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1118341: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118341
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: squid
Version: 7.1-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for squid.

CVE-2025-62168[0]:
| Squid is a caching proxy for the Web. In Squid versions prior to
| 7.2, a failure to redact HTTP authentication credentials in error
| handling allows information disclosure. The vulnerability allows a
| script to bypass browser security protections and learn the
| credentials a trusted client uses to authenticate. This potentially
| allows a remote client to identify security tokens or credentials
| used internally by a web application using Squid for backend load
| balancing. These attacks do not require Squid to be configured with
| HTTP authentication. The vulnerability is fixed in version 7.2. As a
| workaround, disable debug information in administrator mailto links
| generated by Squid by configuring squid.conf with email_err_data
| off.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-62168
    https://www.cve.org/CVERecord?id=CVE-2025-62168
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr
[2] https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
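
Added example (not part of the bug report or of Squid): a small Python audit that applies the two conditions in the CVE text above, the fixed upstream version 7.2 and the email_err_data off workaround. The function names and sample configuration are constructed; it assumes Squid's documented default of "on" for email_err_data, that the last occurrence of the directive wins, and it does not follow include lines.

```python
import re

FIXED_UPSTREAM = (7, 2)  # from the advisory text: fixed in Squid 7.2


def upstream_version(pkg_version):
    """Strip a Debian epoch and revision, e.g. '7.1-1' -> (7, 1)."""
    upstream = pkg_version.split(":", 1)[-1].rsplit("-", 1)[0]
    return tuple(int(n) for n in re.findall(r"\d+", upstream)[:2])


def email_err_data_enabled(conf_text):
    """Effective email_err_data value for the given squid.conf text.

    Assumptions: default is on, the last occurrence wins, and any value
    other than an explicit "off" is treated as enabled (conservative).
    """
    enabled = True
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments
        if len(parts) >= 2 and parts[0] == "email_err_data":
            enabled = parts[1].lower() != "off"
    return enabled


def assess(pkg_version, conf_text):
    """Return 'fixed', 'mitigated' or 'exposed' for CVE-2025-62168.

    Only upstream version numbers are compared, so a distribution
    package that backports the fix to an older release will still be
    reported by version and needs a changelog check instead.
    """
    if upstream_version(pkg_version) >= FIXED_UPSTREAM:
        return "fixed"
    if not email_err_data_enabled(conf_text):
        return "mitigated"
    return "exposed"


if __name__ == "__main__":
    # Constructed sample: the workaround is present but commented out.
    sample = "http_port 3128\n# email_err_data off\n"
    print(assess("7.1-1", sample))
```
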
--- Begin Message ---
Source: squid
Source-Version: 7.2-1
Done: Luigi Gangitano <[email protected]>

We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <[email protected]> (supplier of updated squid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 22 Oct 2025 16:58:20 +0200
Source: squid
Architecture: source
Version: 7.2-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <[email protected]>
Changed-By: Luigi Gangitano <[email protected]>
Closes: 1080997 1117048 1118341
Changes:
 squid (7.2-1) unstable; urgency=high
 .
   [ Amos Jeffries <[email protected]> ]
   * New Upstream Release 7.2 (Closes: #1080997)
     Fixes: CVE-2025-62168. SQUID-2025:2 (Closes: #1118341)
     Fixes: CVE-2025-59362 (Closes: #1117048)
 .
   * debian/watch
     - remove check for files no longer provided upstream
 .
   * debian/control
     - support libkrb5 provided by krb5-multidev package


--- End Message ---
