Your message dated Fri, 23 Feb 2018 11:34:52 +0000
with message-id <e1epbcq-0001el...@fasolo.debian.org>
and subject line Bug#888720: fixed in squid3 3.5.23-5+deb9u1
has caused the Debian Bug report #888720,
regarding squid3: CVE-2018-1000027: SQUID-2018:2 Denial of Service issue in 
HTTP Message processing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
888720: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888720
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: squid3
Version: 3.5.23-5
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for squid3.

CVE-2018-1000027[0]:
SQUID-2018:2 Denial of Service issue in HTTP Message processing

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000027
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027
[1] http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: squid3
Source-Version: 3.5.23-5+deb9u1

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Feb 2018 22:00:18 +0100
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source
Version: 3.5.23-5+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 888719 888720
Description: 
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Transitional package
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Changes:
 squid3 (3.5.23-5+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * ESI: make sure endofName never exceeds tagEnd (CVE-2018-1000024)
     (Closes: #888719)
   * Fix indirect IP logging for transactions without a client connection
     (CVE-2018-1000027) (Closes: #888720)
Checksums-Sha1: 
 82e86a7b5eae757a25f61dbf85e9293dde81f5b2 2737 squid3_3.5.23-5+deb9u1.dsc
 6b0b2091896e7874024e5f1e28eeccb0acd7e962 4730792 squid3_3.5.23.orig.tar.gz
 181ecf53e77ce323941feab04c24d328ddcf7988 27200 
squid3_3.5.23-5+deb9u1.debian.tar.xz
Checksums-Sha256: 
 b7e2dc4ff27cec592675ef9a6846ce989e51c8207d3e540a03e2292847842514 2737 
squid3_3.5.23-5+deb9u1.dsc
 f81eeee0fb046ad636566b51fe4f72b8bc66d454d7082ef38e273c3f4b09f6db 4730792 
squid3_3.5.23.orig.tar.gz
 b35cf4c628cd7a163a9c2e12076d2561b1e558265d97e777423e0a8b3b6dd37b 27200 
squid3_3.5.23-5+deb9u1.debian.tar.xz
Files: 
 93fb63e96a457f2709324ddf327bfec3 2737 web optional squid3_3.5.23-5+deb9u1.dsc
 49d790ddee8c611ee2992e66eb8e9ae9 4730792 web optional squid3_3.5.23.orig.tar.gz
 fe6c5c9548c25fe08bf274b6a895a942 27200 web optional 
squid3_3.5.23-5+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqG5OtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EJKsQAIqhv5RrvHj6L5ozLSsNnRNebe1cphch
cIF+Vz6xsGqBRu04P7eMX/PzRAjJiPSgqDzQNC9msXJVjtLS9UNp5jH7huLadU9V
QPe8SxZ0xJxvQ5rHVvMJMw9ZC8M6cIQ41wMgPA1BPnO2LD68ZgC+PbZZhtJb2R5W
1nK0ILqXcWAN/5h07Vh3ZJR1paXDdlzKOBIWf8GAwI7tTpyOXMxpuXu0dvjGbqJj
a5lGXYDXuo5hw5vsd2d6tkjt/OCASxGqVzBnTqhIfaPeIarlQiZFoZxkJTLpdxA+
JUYeh6HmA1HtfRhheWn9hnCwM7/+mt3HC/wa9xKYIYx92zgetUF4bS7BkNiYWmKh
4GOEtsxr4ibLQMI/Famm4K+hjZPkrsv/qrv2bDeFktvFqgwiDdd/XKYeIk46AjeB
OVgr6i4+FFmCYhiklSz42XTfhmk1bDMTwbR6pz5fuj6hCp7WG1o/SbkRKtXwOxpz
coZ1ms5OvSlqzWdrTCWc+vLo6qWLQ6pv5TqFClej3P5flgNUqbj6xe5RAMigyFAY
TP50fedSAo1PMLty2VunBmzN5GczkGtdAF103jMcvQl0s3MWm0S/e0kooRd3e2gw
lgodU6BDlSYnwXax4bxlmz1/S1AF/mGEF/A8hqLwuNe8xxKTUb/BX6+vJbjbPeyz
rsjCA/BUV+HL
=wt1O
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to