squid3: CVE-2015-5400: information disclosure due to incorrect handling of peer responses

Related Vulnerabilities: CVE-2015-5400  

Debian Bug report logs - #793128

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 21 Jul 2015 14:54:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions squid3/3.1.20-1, squid3/3.4.8-6

Fixed in versions squid3/3.5.6-1, squid3/3.4.8-6+deb8u1, squid3/3.1.20-2.2+deb7u3

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#793128; Package src:squid3. (Tue, 21 Jul 2015 14:54:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>. (Tue, 21 Jul 2015 14:54:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: squid3: CVE-2015-5400: information disclosure due to incorrect handling of peer responses
Date: Tue, 21 Jul 2015 16:52:18 +0200
Source: squid3
Version: 3.4.8-6
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for squid3.

CVE-2015-5400[0]:
Improper Protection of Alternate Path

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5400

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) pending. Request was from Amos Jeffries <squid3@treenet.co.nz> to control@bugs.debian.org. (Wed, 22 Jul 2015 12:54:06 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#793128; Package src:squid3. (Wed, 22 Jul 2015 12:57:06 GMT)


Acknowledgement sent to Amos Jeffries <amos@treenet.co.nz>:
Extra info received and forwarded to list. Copy sent to Luigi Gangitano <luigi@debian.org>. (Wed, 22 Jul 2015 12:57:06 GMT)


Message #12 received at 793128@bugs.debian.org:

From: Amos Jeffries <amos@treenet.co.nz>
To: 793128@bugs.debian.org
Subject: Re: squid3: CVE-2015-5400: information disclosure due to incorrect handling of peer responses
Date: Thu, 23 Jul 2015 00:43:50 +1200

On Tue, 21 Jul 2015 16:52:18 +0200 Salvatore Bonaccorso wrote:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-5400
>
> Please adjust the affected versions in the BTS as needed.

In the tracker page I see a note that "squid" packages are not affected
due to code not existing. This is incorrect.

Squid-2 and earlier versions have the vulnerable logic in src/ssl.c with
different symbol names. The function called sslProxyConnected()
initiates sslSetSelect() instead of continuing on with logic to
properly process the received response.

Amos
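
The check that the message above describes as missing, shown as an added illustration (not Squid's code and not part of the original thread): after a CONNECT has been forwarded to a peer, the relay reads the peer's reply and enters tunnel mode only on a 2xx status. The function names, the verdict enum and the 8 KiB header cap are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MAX_HDR 8192  /* assumed cap on the peer's header block */

enum peer_verdict {
    PEER_NEED_MORE,  /* headers incomplete: keep reading, relay nothing yet */
    PEER_TUNNEL,     /* 2xx: tunnel is up, blind relaying may start */
    PEER_REFUSED,    /* non-2xx: hand the reply back as an error, no tunnel */
    PEER_MALFORMED   /* not an HTTP/1.x response: close the connection */
};

/* Behaviour described in the message above: relaying starts once the CONNECT
 * has been sent, so whatever the peer answers is treated as tunnel data. */
static enum peer_verdict verdict_unchecked(const char *buf, size_t len)
{
    (void)buf; (void)len;
    return PEER_TUNNEL;
}

/* Offset just past the "\r\n\r\n" that ends the header block, or 0 if absent. */
static size_t header_end(const char *buf, size_t len)
{
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            return i + 4;
    return 0;
}

/* Checked form: decide only after the whole header block has arrived and
 * allow tunnel mode only for a 2xx status. *data_off is set to the first
 * byte after the headers (tunnel payload on 2xx, error body otherwise). */
static enum peer_verdict verdict_checked(const char *buf, size_t len, size_t *data_off)
{
    size_t end = header_end(buf, len);
    if (end == 0)
        return len >= MAX_HDR ? PEER_MALFORMED : PEER_NEED_MORE;
    /* Shortest valid reply is "HTTP/1.1 200\r\n\r\n" (16 bytes). */
    if (end < 16 || memcmp(buf, "HTTP/1.", 7) != 0 ||
        (buf[7] != '0' && buf[7] != '1') || buf[8] != ' ')
        return PEER_MALFORMED;
    for (int i = 9; i < 12; i++)
        if (buf[i] < '0' || buf[i] > '9')
            return PEER_MALFORMED;
    if (buf[12] != ' ' && buf[12] != '\r')
        return PEER_MALFORMED;
    *data_off = end;
    return buf[9] == '2' ? PEER_TUNNEL : PEER_REFUSED;
}

int main(void)
{
    /* Constructed peer replies, not captured traffic. */
    const char *replies[] = {
        "HTTP/1.1 200 Connection established\r\n\r\n",
        "HTTP/1.1 403 Forbidden\r\nContent-Length: 9\r\n\r\nForbidden",
    };
    for (size_t i = 0; i < sizeof replies / sizeof replies[0]; i++) {
        size_t off = 0;
        printf("reply %zu: unchecked=%d checked=%d\n", i,
               verdict_unchecked(replies[i], strlen(replies[i])),
               verdict_checked(replies[i], strlen(replies[i]), &off));
    }
    return 0;
}
```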




Reply sent to Luigi Gangitano <luigi@debian.org>:
You have taken responsibility. (Thu, 23 Jul 2015 07:03:42 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 23 Jul 2015 07:03:42 GMT)


Message #17 received at 793128-close@bugs.debian.org:

From: Luigi Gangitano <luigi@debian.org>
To: 793128-close@bugs.debian.org
Subject: Bug#793128: fixed in squid3 3.5.6-1
Date: Thu, 23 Jul 2015 07:00:59 +0000
Source: squid3
Source-Version: 3.5.6-1

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793128@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <luigi@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Jul 2015 23:24:00 +0200
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source amd64 all
Version: 3.5.6-1
Distribution: unstable
Urgency: medium
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Luigi Gangitano <luigi@debian.org>
Description:
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Dummy transitional package.
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 279840 294431 521053 565555 569575 576423 672156 714334 760303 779127 789774 793128
Changes:
 squid3 (3.5.6-1) unstable; urgency=medium
 .
   [ Amos Jeffries <amosjeffries@squid-cache.org> ]
   * New upstream release (Closes: #760303)
     - Fixed upstream macro issue that fail to pass reproducible builds test
     - Fixes CVE-2015-5400: Improper Protection of Alternate Path
       (Closes: #793128)
 .
   * Removed deprecated MSNT and MSNT-multi-domain authentication helpers
 .
   * Transition squid3 to squid
     - Renamed squid3 package to squid (Closes: #521053, #565555, #672156)
       (Closes: #294431, #569575, #714334, #279840, #576423, #779127)
     - Renamed squid3-common package to squid-common
     - Renamed squid3-dbg package to squid-dbg
     - Add dummy transitional package squid3
 .
   * debian/patches/
     - Removed patches included upstream and refresh others
 .
   * debian/squid3-cgi.dirs
     - Removed old unused packaging file
 .
   * debian/control
     - Add dependency on libgnutls28-dev for squidclient HTTPS support
 .
   [ Luigi Gangitano <luigi@debian.org> ]
   * debian/control
     - Changed dependency on libecap3-dev (Closes: #789774)
     - Made squid-common conflict and replace squid3-common
     - Fixed dependencies and sections of transitional packages
 .
   * {NEWS,README}.Debian
     - Added information on package name migration

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Marked as found in versions squid3/3.1.20-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 02 Aug 2015 13:57:05 GMT)


Reply sent to Luigi Gangitano <luigi@debian.org>:
You have taken responsibility. (Tue, 04 Aug 2015 21:48:13 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 04 Aug 2015 21:48:13 GMT)


Message #24 received at 793128-close@bugs.debian.org:

From: Luigi Gangitano <luigi@debian.org>
To: 793128-close@bugs.debian.org
Subject: Bug#793128: fixed in squid3 3.4.8-6+deb8u1
Date: Tue, 04 Aug 2015 21:47:06 +0000
Source: squid3
Source-Version: 3.4.8-6+deb8u1

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793128@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <luigi@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Jul 2015 18:36:08 +0200
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge
Architecture: source all amd64
Version: 3.4.8-6+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Luigi Gangitano <luigi@debian.org>
Description:
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Full featured Web Proxy cache (HTTP proxy)
 squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 793128
Changes:
 squid3 (3.4.8-6+deb8u1) jessie-security; urgency=high
 .
   [ Luigi Gangitano <luigi@debian.org> ]
   * debian/patches/36-squid-3.4-13225.patch
     - Added upstream patch fixing Improper Protection of Alternate Path
       (Ref: SQUID-2015:2, CVE-2015-5400) (Closes: #793128)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 09 Aug 2015 19:51:09 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 09 Aug 2015 19:51:09 GMT)


Message #29 received at 793128-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 793128-close@bugs.debian.org
Subject: Bug#793128: fixed in squid3 3.1.20-2.2+deb7u3
Date: Sun, 09 Aug 2015 19:47:28 +0000
Source: squid3
Source-Version: 3.1.20-2.2+deb7u3

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793128@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 02 Aug 2015 15:57:21 +0200
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all amd64
Version: 3.1.20-2.2+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid3     - Full featured Web Proxy cache (HTTP proxy)
 squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 793128
Changes: 
 squid3 (3.1.20-2.2+deb7u3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-5400.patch patch.
     CVE-2015-5400: Information disclosure due to incorrect handling of peer
     responses. (Closes: #793128)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 04 Oct 2015 07:43:36 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:43:31 2019; Machine Name: buxtehude
