Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service

2013-02-23 Thread Luigi Gangitano
Please go ahead and submit it to debian-security. Regards, L Il giorno 23/feb/2013, alle ore 17:25, Salvatore Bonaccorso ha scritto: > Ciao Luigi > > On Sat, Feb 23, 2013 at 04:41:51PM +0100, Luigi Gangitano wrote: >> Ciao Salvatore, >> >> Thanks a lot for your NMU. I really appreciate your

Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service

2013-02-23 Thread Salvatore Bonaccorso
Ciao Luigi On Sat, Feb 23, 2013 at 04:41:51PM +0100, Luigi Gangitano wrote: > Ciao Salvatore, > > Thanks a lot for your NMU. I really appreciate your help. Thank you for your feedback! I now also would have the package ready targeting stable-security. Regards, Salvatore -- To UNSUBSCRIBE, em

Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service

2013-02-23 Thread Luigi Gangitano
Ciao Salvatore, Thanks a lot for your NMU. I really appreciate your help. Regards, L Il giorno 18/feb/2013, alle ore 19:56, Salvatore Bonaccorso ha scritto: > Hi Luigi > > squid3 in stable is still affected by #696187: cachemgr.cgi denial of > service. > > Could you prepare an upload for C

Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service

2013-02-18 Thread Salvatore Bonaccorso
Hi Luigi squid3 in stable is still affected by #696187: cachemgr.cgi denial of service. Could you prepare an upload for CVE-2012-5643 and subsequent CVE-2013-0189 targeting stable-security for a DSA? Note that the initial patch was incomplete and the full fix is at [1]. [1]: http://www.squid-c

Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service

2013-02-05 Thread Michael Stapelberg
On Tue, 22 Jan 2013 17:37:10 +0100 Moritz Muehlenhoff wrote: > Note that the initial fix was incorrect: > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0189 I have integrated this upstream patch (which adresses CVE-2012-5643 and CVE-2013-0189): http://www.squid-cache.org/Versions/v3/3.1/cha

Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service

2013-01-22 Thread Moritz Muehlenhoff
severity grave 696187 thanks On Mon, Dec 17, 2012 at 09:36:27PM +0200, Henri Salo wrote: > Package: squid-cgi > Version: 3.1.20-2 > Severity: important > Tags: security > > http://www.squid-cache.org/Advisories/SQUID-2012_1.txt > http://www.openwall.com/lists/oss-security/2012/12/17/3 > > Probl

Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service

2012-12-17 Thread Henri Salo
Package: squid-cgi Version: 3.1.20-2 Severity: important Tags: security http://www.squid-cache.org/Advisories/SQUID-2012_1.txt http://www.openwall.com/lists/oss-security/2012/12/17/3 Problem Description: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of servic