Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service
Ciao Salvatore,

Thanks a lot for your NMU. I really appreciate your help.

Regards,

L

On 18 Feb 2013, at 19:56, Salvatore Bonaccorso car...@debian.org wrote:

> Hi Luigi
>
> squid3 in stable is still affected by #696187: cachemgr.cgi denial of service. Could you prepare an upload for CVE-2012-5643 and subsequent CVE-2013-0189 targeting stable-security for a DSA? Note that the initial patch was incomplete and the full fix is at [1].
>
> [1]: http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
>
> Regards,
> Salvatore

--
Luigi Gangitano -- lu...@debian.org -- gangit...@lugroma3.org
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26
GPG: 4096R/2BA97CED: 8D48 5A35 FF1E 6EB7 90E5 0F6D 0284 F20C 2BA9 7CED

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service
Ciao Luigi

On Sat, Feb 23, 2013 at 04:41:51PM +0100, Luigi Gangitano wrote:

> Ciao Salvatore,
>
> Thanks a lot for your NMU. I really appreciate your help.

Thank you for your feedback! I now also would have the package ready targeting stable-security.

Regards,
Salvatore
Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service
Please go ahead and submit it to debian-security.

Regards,

L

On 23 Feb 2013, at 17:25, Salvatore Bonaccorso car...@debian.org wrote:

> Ciao Luigi
>
> On Sat, Feb 23, 2013 at 04:41:51PM +0100, Luigi Gangitano wrote:
>
>> Ciao Salvatore,
>>
>> Thanks a lot for your NMU. I really appreciate your help.
>
> Thank you for your feedback! I now also would have the package ready targeting stable-security.
>
> Regards,
> Salvatore

--
Luigi Gangitano -- lu...@debian.org -- gangit...@lugroma3.org
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26
GPG: 4096R/2BA97CED: 8D48 5A35 FF1E 6EB7 90E5 0F6D 0284 F20C 2BA9 7CED
Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service
Hi Luigi

squid3 in stable is still affected by #696187: cachemgr.cgi denial of service. Could you prepare an upload for CVE-2012-5643 and subsequent CVE-2013-0189 targeting stable-security for a DSA? Note that the initial patch was incomplete and the full fix is at [1].

[1]: http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch

Regards,
Salvatore
Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service
On Tue, 22 Jan 2013 17:37:10 +0100 Moritz Muehlenhoff j...@inutil.org wrote:

> Note that the initial fix was incorrect:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0189

I have integrated this upstream patch (which addresses CVE-2012-5643 and CVE-2013-0189):
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch

Because the maintainer has not reacted to this bug report at all for nearly 2 months, I have directly NMUed the package.

--
Best regards,
Michael
Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service
severity grave 696187
thanks

On Mon, Dec 17, 2012 at 09:36:27PM +0200, Henri Salo wrote:

> Package: squid-cgi
> Version: 3.1.20-2
> Severity: important
> Tags: security
>
> http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
> http://www.openwall.com/lists/oss-security/2012/12/17/3
>
> Problem Description: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests.

Note that the initial fix was incorrect:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0189

Cheers,
Moritz
Bug#696187: CVE-2012-5643: cachemgr.cgi denial of service
Package: squid-cgi
Version: 3.1.20-2
Severity: important
Tags: security

http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
http://www.openwall.com/lists/oss-security/2012/12/17/3

Problem Description: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests.

- Henri Salo