Your message dated Fri, 23 Feb 2018 16:47:59 +0000
with message-id <e1epgvr-000ive...@fasolo.debian.org>
and subject line Bug#888720: fixed in squid3 3.4.8-6+deb8u5
has caused the Debian Bug report #888720,
regarding squid3: CVE-2018-1000027: SQUID-2018:2 Denial of Service issue in 
HTTP Message processing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
888720: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888720
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: squid3
Version: 3.5.23-5
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for squid3.

CVE-2018-1000027[0]:
SQUID-2018:2 Denial of Service issue in HTTP Message processing

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000027
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000027
[1] http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: squid3
Source-Version: 3.4.8-6+deb8u5

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Feb 2018 17:20:03 +0100
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge
Architecture: all source
Version: 3.4.8-6+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 888719 888720
Description: 
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Full featured Web Proxy cache (HTTP proxy)
 squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Changes:
 squid3 (3.4.8-6+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * ESI: make sure endofName never exceeds tagEnd (CVE-2018-1000024)
     (Closes: #888719)
   * Fix indirect IP logging for transactions without a client connection
     (CVE-2018-1000027) (Closes: #888720)
Checksums-Sha1: 
 137587c8ae97e80fc6fa79a72552cd01a7c9d7c9 2501 squid3_3.4.8-6+deb8u5.dsc
 e08ada6fc5ee6bb2f81b66226909f96c606e5ffc 41736 
squid3_3.4.8-6+deb8u5.debian.tar.xz
 43b054ce99041c0c4616a6d0392279f999f350ec 258654 
squid3-common_3.4.8-6+deb8u5_all.deb
Checksums-Sha256: 
 912451725b69ef760bd78fa1d257d307fdce6ea00dcbc946c7b0c875c6b62b3c 2501 
squid3_3.4.8-6+deb8u5.dsc
 fe530e459717e4079aebf945962e492f7394255f374c6b0af287db076dfc9338 41736 
squid3_3.4.8-6+deb8u5.debian.tar.xz
 a098ec628df571c3f21f5f500290f3f655138d55af6a26d049ccf11f8a9d4aac 258654 
squid3-common_3.4.8-6+deb8u5_all.deb
Files: 
 ebae40e54309fbad44a7c9f5b8913fba 2501 web optional squid3_3.4.8-6+deb8u5.dsc
 f3cca72fc077be94ad5e1f94fd4c30c0 41736 web optional 
squid3_3.4.8-6+deb8u5.debian.tar.xz
 38871935ae897f3a6f570eb1fd2de8ba 258654 web optional 
squid3-common_3.4.8-6+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqJq2RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EtKkQAIuBQ7jwJFQphEhNMLiCo607J6RbQku0
vpYH7SbYhy2jn+mLtRsLI9eNJzi03eWOvRnetPuszVB1KlzZX8nC21Ugx3Pa/mdt
kdSTezoZe8HiJXeyBHMhUPeOWmda6AOEybZbiVetHHWsCFM1do0VnCW9SoWWdfPg
KNedcp89dVLhGOEYAGPr6A59EJ+qjHvWptlGc71UAHWS66SBbiMVKHF7vxkiBU5j
mT/xOSZa1ftotx2x0fm/MeqjdJ30QHdCkm4+3vJbaG7G1h+4MQWdTtCuyav0iMmy
HmItgfP+qiuyJOPciwHT8PeHuEWeBxBPb0D/0mzi6ob6ZZLWVhmIzPH48A1hzbrm
TEn7QCuOh6HIgnQTGgkjp5N1bbHO52zzIyk7ecq/tCCwH6q1lKnYWkf+iLZHIl3T
g28B9/Zi7YjOyKQztgaHSZmm0obSVTvKK267fKanBGJUThV14apS50swFNjKIipS
BWYF01rPThwDjh1Wwp4emTl2keT3f+gpVqPq0kY69Y4ucXtReKpVNioY7Mk7B2TO
+UKjKSgWq3eDeNp7RqrkPQjbbFbaLoMa0cKNsqb5klL3wII3EBsDLUPkuFP8dZIs
Kd8zBQJ2bTElAp4iOYwYjALMD/Wl4vHCSkvVUQ2MxASPte777SmXJhe6pPV2LzWY
KV6kZSWMj0Ev
=2u6E
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to