Your message dated Mon, 24 Aug 2020 15:49:31 +0000
with message-id <[email protected]>
and subject line Bug#968932: fixed in squid 4.13-1
has caused the Debian Bug report #968932,
regarding squid: CVE-2020-15811: SQUID-2020:8 HTTP(S) Request Splitting
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
968932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968932
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: squid
Version: 4.12-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for squid.
CVE-2020-15811[0]:
| SQUID-2020:8 HTTP(S) Request Splitting
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-15811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15811
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
[2] http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: squid
Source-Version: 4.13-1
Done: Luigi Gangitano <[email protected]>
We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luigi Gangitano <[email protected]> (supplier of updated squid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Aug 2020 17:27:54 +0200
Source: squid
Architecture: source
Version: 4.13-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <[email protected]>
Changed-By: Luigi Gangitano <[email protected]>
Closes: 968101 968932 968933 968934
Changes:
squid (4.13-1) unstable; urgency=high
.
[ Amos Jeffries <[email protected]> ]
* New Upstream Release
- Fixes security issue SQUID-2020:8 (CVE-2020-15811) (Closes: #968932)
- Fixes security issue SQUID-2020:9 (Closes: #968933)
- Fixes security issue SQUID-2020:10 (CVE-2020-15810) (Closes: #968934)
.
* debian/squid.rc: Fix several typos (Closes: #968101)
Checksums-Sha1:
0733406e2637dc480a7dea9e787ade3b2353b3e9 2888 squid_4.13-1.dsc
cac95c18789e9ecd6620c2f278fc3900498c065b 2452752 squid_4.13.orig.tar.xz
261059cb4dbcc5e4dae7961c9bf334ba6c24cc4f 1194 squid_4.13.orig.tar.xz.asc
f3c9c5f32231a326a38ea307fcabf21531097e69 40080 squid_4.13-1.debian.tar.xz
bd78e2341136ec39cec4b1c72b9d1373e2d8a7da 8891 squid_4.13-1_amd64.buildinfo
Checksums-Sha256:
b4172add09b63869397da29f499a0d0bb4999915eef16641536f99331503197b 2888
squid_4.13-1.dsc
6891a0f540e60779b4f24f1802a302f813c6f473ec7336a474ed68c3e2e53ee0 2452752
squid_4.13.orig.tar.xz
3e145c4af6322ff55bf299ff166c824c092ba2b62f822c8fdd7f885ec90c2ad2 1194
squid_4.13.orig.tar.xz.asc
af3b98049828c63bc2f791b24f0db71f09ed418b9b255cb6c581aa8566bc39e4 40080
squid_4.13-1.debian.tar.xz
378a262895db0a7c4139ad29c213442723d59740efa4a4076caebe4e7619ba98 8891
squid_4.13-1_amd64.buildinfo
Files:
6627effd8dc619b99008bd7fec8b1c0a 2888 web optional squid_4.13-1.dsc
492e54afc15821141ff1d1d9903854d6 2452752 web optional squid_4.13.orig.tar.xz
4be8191f3ce8e4891bc371cc1e72327d 1194 web optional squid_4.13.orig.tar.xz.asc
f7634e5b5f28dc1a1bd4d73667e0f9d0 40080 web optional squid_4.13-1.debian.tar.xz
eba3db2deafc987c6c406ad73becb14c 8891 web optional squid_4.13-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEjUhaNf8ebreQ5Q9tAoTyDCupfO0FAl9D3vEACgkQAoTyDCup
fO1spg//cmouO8WtaKyf6vpQ9FurVO/9eVGD3TN1HqqEjChfkboYzKkhZiUKl0OR
CmH1mVE2RoFA3pix2twfLJlxD+/K3EkcQojW7uTKaTMSNgUT7Uum9WUhk9eBWEvz
LFApn4otZJqqt6OnrU5WHYW4T04dv3hdpSkv+jCYeT8auvVoBnimxyK3lXcffwWc
PwhjIKc7JM/C6dSp9KUJKFtSOaxODfgKREwzVC1mHfHvwdAbClAETZuFvRItCuMj
syJwRhmmdNodDndZaD5bfqErlwU1MaBJ+5iOvRzCZPEI4d+0QnrJVcq7sX1T5RJp
pjQ7tozLErN71v3V5jbgApW471X8hPMr4Lt4gIHZm3Fu5kIEDCrSed8S/Be9qV/1
zwh60/ubA1zVecTvDVMgca5+EWtXcFquvRag1rSSWOLHD4lHwKLtQ2Zm2Ydx8pHF
sdVAJZelbgYk8RYJNnP5HaZult9yYvZkLMMwgxjDesfHAMKFaVm9dYmkMTeFuHYt
Iw6YvaE3UPYKBF+lpidA4obmyhmF69JPCH2x1e9PxfY9L6PgfFDoJOhC6SknnXdX
BZOG7XjBIDUSdYwxl4PF4chfxhNnlvmN0+FAxLktVyriHgl47vnXeT9x4q6ugwS5
UW0XJGFVI3SPUHcSRpfi/Lq4rKbHj13f7Ton2qGTQExlf2gq5zA=
=Y8QQ
-----END PGP SIGNATURE-----
--- End Message ---
