Your message dated Tue, 05 Feb 2013 22:33:04 +0000 with message-id <e1u2r4a-0007mv...@franck.debian.org> and subject line Bug#696187: fixed in squid3 3.1.20-2.1 has caused the Debian Bug report #696187, regarding CVE-2012-5643: cachemgr.cgi denial of service to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696187: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696187 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: squid-cgi Version: 3.1.20-2 Severity: important Tags: security http://www.squid-cache.org/Advisories/SQUID-2012_1.txt http://www.openwall.com/lists/oss-security/2012/12/17/3 Problem Description: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests. - Henri Salo
--- End Message ---
--- Begin Message ---Source: squid3 Source-Version: 3.1.20-2.1 We believe that the bug you reported is fixed in the latest version of squid3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Stapelberg <stapelb...@debian.org> (supplier of updated squid3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 05 Feb 2013 23:16:27 +0100 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi Architecture: source all amd64 Version: 3.1.20-2.1 Distribution: unstable Urgency: high Maintainer: Luigi Gangitano <lu...@debian.org> Changed-By: Michael Stapelberg <stapelb...@debian.org> Description: squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Closes: 696187 Changes: squid3 (3.1.20-2.1) unstable; urgency=high . * Non-maintainer upload . * Urgency high due to security fixes . * debian/patches/30-CVE-2012-5643-CVE-2013-0189.patch - Added upstream fix for squid-cgi (cachemgr) memory leaks and denial of service vulnerability (Closes: #696187) Checksums-Sha1: a0ca698b161413fee7fe9c01aa28abd95dd9c629 2076 squid3_3.1.20-2.1.dsc ae6b931a399d398eaa37963a26f6ffc5c9f37f75 21881 squid3_3.1.20-2.1.debian.tar.gz a3e1806b1fc5f64f55c55bbd011f481cc477ce3a 200848 squid3-common_3.1.20-2.1_all.deb 3bdc5a1242dd21ab0b2ef9ae456bc5aeffcd4bfa 1638958 squid3_3.1.20-2.1_amd64.deb 87290672bf086fc3243bf31c97f48a763b8fe480 6960658 squid3-dbg_3.1.20-2.1_amd64.deb 73445f2b5e101478ce93ecfaecae058c93f2d3e2 111962 squidclient_3.1.20-2.1_amd64.deb b0dcc1f2701aef5086740f6286b1b2b959fdc494 115278 squid-cgi_3.1.20-2.1_amd64.deb Checksums-Sha256: 24d4937a3342d0cb6d4bcc21736f524974407ac813adff854190bf141b848f04 2076 squid3_3.1.20-2.1.dsc 6747e5c286a3f9735341ecfeee6a12d97cf327bf212029fd9fc0667417e2394b 21881 squid3_3.1.20-2.1.debian.tar.gz 037cd592139835d86014ede0d0af28b0ae95c55fb8ee26d99bed8ca1b9e4dd70 200848 squid3-common_3.1.20-2.1_all.deb b3eb3929183845f5da7490c93b3efc465c0cec4ce1cf504ae47aa2c08ee50e22 1638958 squid3_3.1.20-2.1_amd64.deb 324aee09f4cbbeed2cf6fea6ab98b1c28484a83aad92a77d74531a7b9fa9641d 6960658 squid3-dbg_3.1.20-2.1_amd64.deb 368eea78e5487c49b1fab06983e18deda9b8ae9650623a44ab19abef1468b254 111962 squidclient_3.1.20-2.1_amd64.deb 7e6123e334b79ff974e2a8548065c57630b6f55cf13b38eb5618f149b9d8d95f 115278 squid-cgi_3.1.20-2.1_amd64.deb Files: 8ebbfd2ee551c8480b40676bbe8a89d7 2076 web optional squid3_3.1.20-2.1.dsc 5c6cf0fbc64d59b2e79e056ab2376fa9 21881 web optional squid3_3.1.20-2.1.debian.tar.gz 5bb3503b67f93669181392bcf0e98527 200848 web optional squid3-common_3.1.20-2.1_all.deb 2516daa160e779a5ca87c6e812e9da13 1638958 web optional squid3_3.1.20-2.1_amd64.deb 03384d282ac70a02b704f8498e624621 6960658 debug extra squid3-dbg_3.1.20-2.1_amd64.deb 15167fcb596253441814ccdbd7411e69 111962 web optional squidclient_3.1.20-2.1_amd64.deb f1b0c8be7957d8edcf741a097efb5918 115278 web optional squid-cgi_3.1.20-2.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJREYUsAAoJEE5xYO1KyO4dS+kP/2lpUH4IlcZ4G8vkoJzM6qgP 2kTdhWsYVeS48ckBDZObXwVz4pcWqHdXUaMTc/Sz6bDVVoEUTdBPAbyuGCOFeePr RJ34vnzihxCzcAQsr/iltebRSJAaFJMWAvMDrR5ZmHr8vKKoKIB0Erv5ascYzxbF Vogx0qghExzK3hMUbs9KlXqtzKxmH4Cq2ET9agphLHHqS05D7tCiEskL4mmNf0YY vt1Wxl4qsGxj9vx1YJttwHpPhXYNS9iN45SS/wbnHpl2fa72mV3qJNc1KK+2sFjt nq43cBF1+65IBC+bi3YJOdQ3THMnJRSBpmZZSMJQnUkjST5sneBpR2dlEu/ZNl4d lDfyOSuA+G70+ZVe/2gqVXLgFzhfKZ353yZ11owKsPKZSjWSvC2BGY51mYz+Nk7D qwImJPhAOp5qjwjlvrNuf0MP2iE+281pk4C3xvyKRby5+H0hrAOuthm1IjhfkkBl iufAtzSk3i21yS5WCK1sPx7N7mH1AKKVBh4Y5Di+hETj70LmvLFbO7WonDHe1O1x Vdsvx+MTYZ79zkapGZRJSGEP5pOpcXqF0i32eA5SlkqGP8d4uFVHtCdTpd5kOV1V v4rH+CbdVJuNgkZTfxKGVeQt4yyArfXBcajqjwQ0O6HntqHMiIgeYmcFtofKWCb9 bdceOvwssoOTk5jD1XcO =cid9 -----END PGP SIGNATURE-----
--- End Message ---
