Bug#819783: marked as done (squid3: CVE-2016-3947)

Debian Bug Tracking System Sun, 03 Apr 2016 11:22:00 -0700

Your message dated Sun, 03 Apr 2016 18:20:12 +0000
with message-id <[email protected]>
and subject line Bug#819783: fixed in squid3 3.5.16-1
has caused the Debian Bug report #819783,
regarding squid3: CVE-2016-3947
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
819783: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819783
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: squid3
Version: 3.5.15-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for squid3.

CVE-2016-3947[0]:
buffer overrun in Squid proxy 'pinger'

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-3947
[1] http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
[2] http://www.squid-cache.org/Advisories/SQUID-2016_3.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: squid3
Source-Version: 3.5.16-1

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <[email protected]> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Apr 2016 19:57:00 +0200
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source amd64 all
Version: 3.5.16-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <[email protected]>
Changed-By: Luigi Gangitano <[email protected]>
Description:
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Transitional package
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 819783 819784
Changes:
 squid3 (3.5.16-1) unstable; urgency=high
 .
   [ Amos Jeffries <[email protected]> ]
   * New Upstream Release
     - Fixes security issue SQUID-2016:3 (CVE-2016-3947) (Closes: #819783)
     - Fixes security issue SQUID-2016:4 (CVE-2016-3948) (Closes: #819784)
 .
   * debian/patches/
     - Remove patch included upstream
Checksums-Sha1:
 1df17913e3740e682a2fdd17d109819aea584b98 2344 squid3_3.5.16-1.dsc
 559be0bbeeff836070d144fa07f8c193c1bc7f86 4717250 squid3_3.5.16.orig.tar.gz
 27fb9bfbeaac452a9109e7f0c8c7315e54f8da2b 24428 squid3_3.5.16-1.debian.tar.xz
 098da56f194aba6d9abeaa5d5f84a437a0383649 160562 squid-cgi_3.5.16-1_amd64.deb
 81178fb45abd1997211126df2a0bd93782b429c2 281166 squid-common_3.5.16-1_all.deb
 7a753b46356c7618bb81996e9f6035156b9181f0 11712358 squid-dbg_3.5.16-1_amd64.deb
 99ad9157d80877f4c9e56043d1b54ab0b6163344 154800 squid-purge_3.5.16-1_amd64.deb
 007959312bb46cc17bb94a5d478d3c609d1dcf1b 136812 squid3_3.5.16-1_all.deb
 965d5870450486b150ab9b34ca838c3831a04df6 2432470 squid_3.5.16-1_amd64.deb
 cd4d254554390a622f824bd17be646721f9ab153 166078 squidclient_3.5.16-1_amd64.deb
Checksums-Sha256:
 95e685a2c0ee4f5bbbc14017c953f12ad63bc6a4860e5ead786b4c132f5955df 2344 
squid3_3.5.16-1.dsc
 3feed3ef550feaa3ef02f623295d74a71eb20d448e2883b5976c550c2f0cfb4f 4717250 
squid3_3.5.16.orig.tar.gz
 b2d3f43aacdd7c2350e3d04928151cd25e079bc4ba67bbbe760f619001bcf53a 24428 
squid3_3.5.16-1.debian.tar.xz
 f25e2880b2d045ffaf3e477f5e15e3077605a37c95a5de9e708f2a95ae6f89a0 160562 
squid-cgi_3.5.16-1_amd64.deb
 d6a5e8ca3a457e922228fecf388ea744ac9f66f93a290db7a807b846074363bc 281166 
squid-common_3.5.16-1_all.deb
 413dd9d735c9e582eeeabb229c1edf29a01f83c458d107e58488e54a0dca952e 11712358 
squid-dbg_3.5.16-1_amd64.deb
 f12e3d2bbe54690ab86bdb6b1e42d3242b043fe4ae99387e7be111c29c5260b6 154800 
squid-purge_3.5.16-1_amd64.deb
 30ba11317ef908f6359d854970a27e91c62638844a4f4df7451fe3f831b3c028 136812 
squid3_3.5.16-1_all.deb
 625ab69d7a978d157c3936b9e235fe29e34ef2f9dcc6145282ad89dc507cd8ad 2432470 
squid_3.5.16-1_amd64.deb
 73d326905933de2ac1d0da68c34b81909a6934d686e19d32d2d732f1bcb997c4 166078 
squidclient_3.5.16-1_amd64.deb
Files:
 6e86465db182aa3b8e1ad224295b79cb 2344 web optional squid3_3.5.16-1.dsc
 0211633a824cb6e1cf82db793d87e04c 4717250 web optional squid3_3.5.16.orig.tar.gz
 a7e7b709167d668a0b3d6faf96fad04e 24428 web optional 
squid3_3.5.16-1.debian.tar.xz
 0bf293f160d113f1ca0c5dad427c88ea 160562 web optional 
squid-cgi_3.5.16-1_amd64.deb
 335c998d0042656ac48859864d332272 281166 web optional 
squid-common_3.5.16-1_all.deb
 693af399c1a2585727679ecdcd7e8cbf 11712358 debug extra 
squid-dbg_3.5.16-1_amd64.deb
 64198c8abd1959ee89729db1c2b975da 154800 web optional 
squid-purge_3.5.16-1_amd64.deb
 4067dbbb8565f095398da0f58ab36ed4 136812 oldlibs extra squid3_3.5.16-1_all.deb
 dd3a3e0575133a0bec644ce9c8ff60a7 2432470 web optional squid_3.5.16-1_amd64.deb
 83ba4de2320702b42a229e0973a27d80 166078 web optional 
squidclient_3.5.16-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXAVvEAAoJEAKE8gwrqXzt02QQALMympaap56hgAajekWLf2t6
N8gTikrBgvd/OtM4BcZx6veD0KFW8iaPHmYQY/URbTcr+T/6EEmmCSFPH9dYhvHN
lZqloVo3MrB3nBJ0KWcyDAtlMG3+sg0VHfcmDL7oE/o/bQvWLx6//SCBLH7Rpqov
KpSqcAxJugtzG9ae86XH5w9IQ0thbHzX08oowQIae+QT0zozvbcqwCEBvZx7MAx6
bUWohcSXotadAvCrvT87kFZSmFuEIs3nNK29iNk4Bm3tpz768XccQtbwqZ/BhJnq
D+SBjK8mVyOmYz+WO+vS2OF33O4E9ZeZKh9vUuESUPhdFC2tamI+2GPwHVMiBYaK
zhw8LUldQy6inqm6c6BT2ZMNaRYABLvSodO1pvsylU+FzxVCVb+6Odmt/gjoKzZe
UuSVaO1y9+r7HTdvOS+aAmZyMVIyvL4FHWYlRk6q+p3y1QF9Nj3qKCtumGeg7YdE
XbLYO1jclFFT+PIalkDYah6XJBcPZITcxbsZDmRo2YTHTrOrJEeGtOuXYBhgtof3
W/Ecm9tp3D/aH5u2iG0U2z6H/lddm8svDevbZOsHsmIQHt574pZcnAJpf4hO6x7t
1rNL7MXWLV1Z+npIvMEuq+viZDnB8Hbw3AMGMJv7eURN9gXFjQR1Bxad5/+4DaER
CN623Gv5Z4FHlc3Ks88K
=lZ++
-----END PGP SIGNATURE-----

--- End Message ---

Bug#819783: marked as done (squid3: CVE-2016-3947)

Reply via email to