Your message dated Tue, 13 Feb 2018 16:06:23 +0000
with message-id <e1eld67-0004mk...@fasolo.debian.org>
and subject line Bug#888719: fixed in squid3 3.5.27-1
has caused the Debian Bug report #888719,
regarding squid3: CVE-2018-1000024: SQUID-2018:1 Denial of Service issue in ESI 
Response processing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
888719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888719
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: squid3
Version: 3.5.23-5
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for squid3.

CVE-2018-1000024[0]:
SQUID-2018:1 Denial of Service issue in ESI Response processing

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000024
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024
[1] http://www.squid-cache.org/Advisories/SQUID-2018_1.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: squid3
Source-Version: 3.5.27-1

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <lu...@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Feb 2018 15:31:24 +0100
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source amd64 all
Version: 3.5.27-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Luigi Gangitano <lu...@debian.org>
Description:
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Transitional package
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 888719 888720
Changes:
 squid3 (3.5.27-1) unstable; urgency=high
 .
   [ Amos Jeffries <amosjeffr...@squid-cache.org> ]
   * New Upstream Release
 .
   * debian/{control,rules}
     - Add temporary dependency on gcc-6 and g++-6 to workaround FTBFS in
       unstable
 .
   * debian/patches/
     - Fix security issue SQUID-2018:1 (CVE-2016-1000024) (Closes: #888719)
     - Fix security issue SQUID-2018:2 (CVE-2016-1000027) (Closes: #888720)
 .
   [ Luigi Gangitano <lu...@debian.org> ]
   * debian/control
     - Changed priority to optional for squid3 and squid-dbg
     - Removed unneeded Build-Dep on autotools-dev
 .
   * debian/rules
     - Include dpkg-architecture Makefile instead of invoking the binary at
       build time
 .
   * debian/squid.postinst
     - Remove recursive chown calls
Checksums-Sha1:
 34db42142759bb0c060862eeaece8b2095b0d122 2559 squid3_3.5.27-1.dsc
 0cebb9b7ca832994a1b2b440a5ae653a74bc3084 4837850 squid3_3.5.27.orig.tar.gz
 98e0fe8f1687296b7946b549268d6b6ede4fb2f9 27300 squid3_3.5.27-1.debian.tar.xz
 c38ec122c0fb9056dee19673c30bd39fb4608811 166484 squid-cgi_3.5.27-1_amd64.deb
 efdd25466c276b6733bb23d7822e37e590ff129b 285548 squid-common_3.5.27-1_all.deb
 f5a15abf17252df634ebe751fdaf90e874a824c6 21590720 squid-dbg_3.5.27-1_amd64.deb
 93a516ef257a1bacd5b0670a85ea79d0e7c0aedd 158900 squid-purge_3.5.27-1_amd64.deb
 69e172f1eec670b447e497a9d92b64bafa278e06 139844 squid3_3.5.27-1_all.deb
 8c257d412ec0e8926c4041a608be275b6af75610 8746 squid3_3.5.27-1_amd64.buildinfo
 112b4475d25a7f4c05bf7c22da2860ef88239829 2324000 squid_3.5.27-1_amd64.deb
 254d20c9f5cbab072c79703a88663feb2ddfd33f 170564 squidclient_3.5.27-1_amd64.deb
Checksums-Sha256:
 73d74d807328e10ca9ec42646360934d3252937d99fcdff02f27d804aad19294 2559 
squid3_3.5.27-1.dsc
 f6a5f1272000b1c6365652b35f950fd77d091c14076d61812aecac4e90c73b39 4837850 
squid3_3.5.27.orig.tar.gz
 d0276eccafa6eb5cf435bbe4128baa60d53997b58145a902acc4813b5c832b81 27300 
squid3_3.5.27-1.debian.tar.xz
 58272d5c92ea7866a59737e9ce99f3a0ee24ddecd8363cbd5c71441266e465f6 166484 
squid-cgi_3.5.27-1_amd64.deb
 72ca8467e4b22ff99b28334972bc995f4eb54f7e557b2375294d113b9c499b0d 285548 
squid-common_3.5.27-1_all.deb
 f0a477685c1ded2667bae250e837555c29c28cc5296e7d9456970ee2e7eee195 21590720 
squid-dbg_3.5.27-1_amd64.deb
 7af20cc5dd398704ccf5e9fe0f5a8103b04f0589e7054d550be4328549add3c5 158900 
squid-purge_3.5.27-1_amd64.deb
 5aeb0773d26340118629d8dd985f4b9b831df9b8ff0485515444aa667ce5e4ad 139844 
squid3_3.5.27-1_all.deb
 9bce04858d6e757d18316a049b7dc812417f7286e52ca1742a00264329ff7c92 8746 
squid3_3.5.27-1_amd64.buildinfo
 1fb2af27980396a4a7fc4b5c398cec0dd340e9f0037fbb05157d55fd7640fcc2 2324000 
squid_3.5.27-1_amd64.deb
 56eda566d7c83a9d4eb40cdb9c5921225dd5e8b9a9cdf26d4396abe6cb7b1639 170564 
squidclient_3.5.27-1_amd64.deb
Files:
 d60d3d4d03aad88556826c8ef603aa7a 2559 web optional squid3_3.5.27-1.dsc
 97b1407772a53e2670274ac3b5f1d6c8 4837850 web optional squid3_3.5.27.orig.tar.gz
 4c13bad77bde2a4143849bb6b804e648 27300 web optional 
squid3_3.5.27-1.debian.tar.xz
 99098eeba23103007c1d003533eebe27 166484 web optional 
squid-cgi_3.5.27-1_amd64.deb
 dac55301a6ece8e5b349b7707ec19abc 285548 web optional 
squid-common_3.5.27-1_all.deb
 106a21107b3da99f11af112637b24c84 21590720 debug optional 
squid-dbg_3.5.27-1_amd64.deb
 15ab7349b1423cd544894f5e50133136 158900 web optional 
squid-purge_3.5.27-1_amd64.deb
 34017207a7bd11c37049b0e171fe6247 139844 oldlibs optional 
squid3_3.5.27-1_all.deb
 f9ca38777ca7606b9ba0ad7351f9c795 8746 web optional 
squid3_3.5.27-1_amd64.buildinfo
 7038ee45c2763eda65a132da03f217a7 2324000 web optional squid_3.5.27-1_amd64.deb
 b4698784a61aa56617254f6b2e3545a9 170564 web optional 
squidclient_3.5.27-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEjUhaNf8ebreQ5Q9tAoTyDCupfO0FAlqDBd0ACgkQAoTyDCup
fO1FNxAAkpvdPlq6cJ7I6UZ20f1UBqC8QYC+/eRPY4cEOj7ky4lfsEjTXzgG8IWs
TApYNK5EQC0N15SVB1d+nPwMq7A7l6phXYP8scTuFU6XzEAiwkxBXk3db+5QR7J8
snoikzrolcQ9Qq/eCQo94m2EaA/9/IV6/xkiZ9KA33rklGMVXjJVjbEf9Wyxywp2
PGBw9sH0aXKMEGjkDn7873QEU4NCr7XP+9CZHX1aKKaNxgmHE2DMpld9HoVG6w9C
Pa1jIdLiFfK79DvbJEo82bZWHvuhv93cA8MBIOc9x52KEIQqIOxOYZ+lLZjFK9eh
o3EJa747PJRrymHA5tUQSh2uvSgK1t2e+LG6ePINcSJPyUiOIyL207ecJ7uwHW4z
rXq2E8VAWggPCGAQYOd9RbmJg6884acuc5eitQPf29bHh/QyikBnfIE2Ad4CPpJF
JBasfSGosUcSbDPHn7FswknkS7FHhHBo6OaDQvU0O5sM3etYdu6ifAdCwTkLrJan
BJ4F/17UbTbxhPiLCz/eI4m6QJZt0UMqzPScBcFtMQcZGqxnIt/r0j+x1kLMz0R1
gAsvIqEjOm6GNe+zDR+FLtiNJYtqh9bgc3f6ojhlruIQMlQEWTOysh/QgS419PTx
dizqdYqAy8WvQv6HDTc5GzcuBLDpyt8u+SPx7DRRtGDkqAGnIrU=
=X1EA
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to