Your message dated Thu, 09 Nov 2023 20:50:01 +0000
with message-id <e1r1byt-00acem...@fasolo.debian.org>
and subject line Bug#1055251: fixed in squid 6.5-1
has caused the Debian Bug report #1055251,
regarding squid: CVE-2023-46848: SQUID-2023:5 Denial of Service in FTP
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1055251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055251
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: squid
Version: 6.3-1
Severity: grave
Tags: security patch
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Hi,

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2725 
links to a bunch of squid advisories, three of which have CVSS scores of 9+:

https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh

Squid 6.4 includes the fix; patches for 6.3 are provided, but don't apply 
cleanly to the Debian sources.

Please package a non-vulnerable version ASAP.

Thanks!

András

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (350, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled

-- 
           Computers are not intelligent. They only think they are.

--- End Message ---
--- Begin Message ---
Source: squid
Source-Version: 6.5-1
Done: Luigi Gangitano <lu...@debian.org>

We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <lu...@debian.org> (supplier of updated squid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu,  9 Nov 2023 15:04:20 +0100
Source: squid
Architecture: source
Version: 6.5-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Luigi Gangitano <lu...@debian.org>
Closes: 1053557 1054537 1055249 1055250 1055251 1055252
Changes:
 squid (6.5-1) unstable; urgency=high
 .
   [ Amos Jeffries <amosjeffr...@squid-cache.org> ]
   * New Upstream Release 6.5
     Fixes: CVE-2023-46846. SQUID-2023:1 (Closes: #1054537)
     Fixes: CVE-2023-5842. SQUID-2023:2 (Closes: #1055249)
     Fixes: CVE-2023-46847. SQUID-2023:3 (Closes: #1055250)
     Fixes: CVE-2023-46724. SQUID-2023:4 (Closes: #1055252)
     Fixes: CVE-2023-46848. SQUID-2023:5 (Closes: #1055251)
     Fixes: CVE-2019-18860. SQUID-2023:6 Cross Site Scripting in cachemgr.cgi
     Fixes: SQUID-2023:7 Denial of Service in HTTP Message processing
     Fixes: SQUID-2023:8 Denial of Service in Helper Process management
 .
   * Update debian/tests/upstream-test-suite for new version (Closes: #1053557)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---