Your message dated Fri, 23 Feb 2018 16:47:59 +0000 with message-id <e1epgvr-000iv8...@fasolo.debian.org> and subject line Bug#888719: fixed in squid3 3.4.8-6+deb8u5 has caused the Debian Bug report #888719, regarding squid3: CVE-2018-1000024: SQUID-2018:1 Denial of Service issue in ESI Response processing to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 888719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888719 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: squid3 Version: 3.5.23-5 Severity: important Tags: security upstream Hi, the following vulnerability was published for squid3. CVE-2018-1000024[0]: SQUID-2018:1 Denial of Service issue in ESI Response processing If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-1000024 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024 [1] http://www.squid-cache.org/Advisories/SQUID-2018_1.txt Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: squid3 Source-Version: 3.4.8-6+deb8u5 We believe that the bug you reported is fixed in the latest version of squid3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 888...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated squid3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 18 Feb 2018 17:20:03 +0100 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge Architecture: all source Version: 3.4.8-6+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 888719 888720 Description: squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Changes: squid3 (3.4.8-6+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * ESI: make sure endofName never exceeds tagEnd (CVE-2018-1000024) (Closes: #888719) * Fix indirect IP logging for transactions without a client connection (CVE-2018-1000027) (Closes: #888720) Checksums-Sha1: 137587c8ae97e80fc6fa79a72552cd01a7c9d7c9 2501 squid3_3.4.8-6+deb8u5.dsc e08ada6fc5ee6bb2f81b66226909f96c606e5ffc 41736 squid3_3.4.8-6+deb8u5.debian.tar.xz 43b054ce99041c0c4616a6d0392279f999f350ec 258654 squid3-common_3.4.8-6+deb8u5_all.deb Checksums-Sha256: 912451725b69ef760bd78fa1d257d307fdce6ea00dcbc946c7b0c875c6b62b3c 2501 squid3_3.4.8-6+deb8u5.dsc fe530e459717e4079aebf945962e492f7394255f374c6b0af287db076dfc9338 41736 squid3_3.4.8-6+deb8u5.debian.tar.xz a098ec628df571c3f21f5f500290f3f655138d55af6a26d049ccf11f8a9d4aac 258654 squid3-common_3.4.8-6+deb8u5_all.deb Files: ebae40e54309fbad44a7c9f5b8913fba 2501 web optional squid3_3.4.8-6+deb8u5.dsc f3cca72fc077be94ad5e1f94fd4c30c0 41736 web optional squid3_3.4.8-6+deb8u5.debian.tar.xz 38871935ae897f3a6f570eb1fd2de8ba 258654 web optional squid3-common_3.4.8-6+deb8u5_all.deb -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqJq2RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EtKkQAIuBQ7jwJFQphEhNMLiCo607J6RbQku0 vpYH7SbYhy2jn+mLtRsLI9eNJzi03eWOvRnetPuszVB1KlzZX8nC21Ugx3Pa/mdt kdSTezoZe8HiJXeyBHMhUPeOWmda6AOEybZbiVetHHWsCFM1do0VnCW9SoWWdfPg KNedcp89dVLhGOEYAGPr6A59EJ+qjHvWptlGc71UAHWS66SBbiMVKHF7vxkiBU5j mT/xOSZa1ftotx2x0fm/MeqjdJ30QHdCkm4+3vJbaG7G1h+4MQWdTtCuyav0iMmy HmItgfP+qiuyJOPciwHT8PeHuEWeBxBPb0D/0mzi6ob6ZZLWVhmIzPH48A1hzbrm TEn7QCuOh6HIgnQTGgkjp5N1bbHO52zzIyk7ecq/tCCwH6q1lKnYWkf+iLZHIl3T g28B9/Zi7YjOyKQztgaHSZmm0obSVTvKK267fKanBGJUThV14apS50swFNjKIipS BWYF01rPThwDjh1Wwp4emTl2keT3f+gpVqPq0kY69Y4ucXtReKpVNioY7Mk7B2TO +UKjKSgWq3eDeNp7RqrkPQjbbFbaLoMa0cKNsqb5klL3wII3EBsDLUPkuFP8dZIs Kd8zBQJ2bTElAp4iOYwYjALMD/Wl4vHCSkvVUQ2MxASPte777SmXJhe6pPV2LzWY KV6kZSWMj0Ev =2u6E -----END PGP SIGNATURE-----
--- End Message ---
