Your message dated Mon, 31 Mar 2008 01:38:05 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#455910: CVE-2007-6239: Denial of service via HTTP
headers
has caused the Debian Bug report #455910,
regarding CVE-2007-6239: Denial of service via HTTP headers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
455910: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455910
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: squid
Version: 2.6.5-6
Severity: important
Hi,
The version of squid in sarge and etch is currently vulnerable[1] to
CVE-2007-6239[2] which is described as:
Due to incorrect bounds checking Squid is vulnerable to a denial of
service check during some cache update reply processing. This problem
allows any client trusted to use the service to perform a denial of
service attack on the Squid service.
A patch is available[3].
1. http://security-tracker.debian.net/tracker/CVE-2007-6239
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239
3. http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch
Thanks,
Micah
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages squid depends on:
ii adduser 3.105 add and remove users and groups
ii debconf [debconf-2.0] 1.5.17 Debian configuration management sy
ii libc6 2.7-4 GNU C Library: Shared libraries
ii libdb4.6 4.6.21-4 Berkeley v4.6 Database Libraries [
ii libldap2 2.1.30.dfsg-13.5 OpenLDAP libraries
ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l
ii logrotate 3.7.1-3 Log rotation utility
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii netbase 4.30 Basic TCP/IP networking system
ii squid-common 2.6.17-1 Internet object cache (WWW proxy c
squid recommends no packages.
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Version: 2.6.5-6etch1
This bug has been fixed in DSA-1482.
Regards,
L
--
Luigi Gangitano -- <[EMAIL PROTECTED]> -- <[EMAIL PROTECTED]>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26
--- End Message ---