squid3: CVE-2016-2569 CVE-2016-2570 CVE-2016-2571

Related Vulnerabilities: CVE-2016-2569, CVE-2016-2570, CVE-2016-2571

Debian Bug report logs - #816011

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 26 Feb 2016 16:36:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version squid3/3.1.20-2.2

Fixed in version squid3/3.5.15-1

Done: Luigi Gangitano <luigi@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#816011; Package src:squid3. (Fri, 26 Feb 2016 16:36:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>. (Fri, 26 Feb 2016 16:36:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: squid3: CVE-2016-2569 CVE-2016-2570 CVE-2016-2571
Date: Fri, 26 Feb 2016 17:32:09 +0100
Source: squid3
Version: 3.1.20-2.2
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

CVE-2016-2569, CVE-2016-2570 and CVE-2016-2571 were assigned for
squid3, cf. http://www.openwall.com/lists/oss-security/2016/02/26/2

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-2569
[1] https://security-tracker.debian.org/tracker/CVE-2016-2570
[2] https://security-tracker.debian.org/tracker/CVE-2016-2571

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) pending. Request was from Amos Jeffries <squid3@treenet.co.nz> to control@bugs.debian.org. (Sun, 28 Feb 2016 19:00:04 GMT)


Reply sent to Luigi Gangitano <luigi@debian.org>:
You have taken responsibility. (Tue, 01 Mar 2016 22:30:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 01 Mar 2016 22:30:08 GMT)


Message #12 received at 816011-close@bugs.debian.org:

From: Luigi Gangitano <luigi@debian.org>
To: 816011-close@bugs.debian.org
Subject: Bug#816011: fixed in squid3 3.5.15-1
Date: Tue, 01 Mar 2016 22:27:14 +0000
Source: squid3
Source-Version: 3.5.15-1

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 816011@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <luigi@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Mar 2016 19:39:00 +0100
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source amd64 all
Version: 3.5.15-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Luigi Gangitano <luigi@debian.org>
Description:
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Transitional package
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 816011
Changes:
 squid3 (3.5.15-1) unstable; urgency=high
 .
   [ Amos Jeffries <amosjeffries@squid-cache.org> ]
   * New Upstream Release
     - Fixes security issues SQUID-2016:2
       (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571)
       (Closes: #816011)
 .
   * debian/patches/03-upstream-bug4447.patch
     - add upstream patch for their bug #4447
 .
   [ Robie Basak <robie.basak@canonical.com> ]
   * debian/control
     - Add lsb-release build dep. This is required for the --enable-build-info
       line in debian/rules to work correctly.
 .
   * debian/squid.logrotate
     - Run sarg-reports if present before rotating logs.
 .
 .
   [ Luigi Gangitano <luigi@debian.org> ]
   * debian/control
     - Bumped Standards-Version to 3.9.7, no change needed

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 02 Apr 2016 07:28:13 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:18:04 2019; Machine Name: beach
