squid3: CVE-2016-3948

Related Vulnerabilities: CVE-2016-3948, CVE-2016-3947

Debian Bug report logs - #819784
squid3: CVE-2016-3948


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 2 Apr 2016 09:09:05 UTC

Severity: important

Tags: patch, security, upstream

Found in version squid3/3.5.15-1

Fixed in version squid3/3.5.16-1

Done: Luigi Gangitano <luigi@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>:
Bug#819784; Package src:squid3. (Sat, 02 Apr 2016 09:09:09 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Luigi Gangitano <luigi@debian.org>. (Sat, 02 Apr 2016 09:09:09 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: squid3: CVE-2016-3948
Date: Sat, 02 Apr 2016 11:08:11 +0200
Source: squid3
Version: 3.5.15-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for squid3.

CVE-2016-3948[0]:
Denial of service

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-3948
[1] http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
[2] http://www.squid-cache.org/Advisories/SQUID-2016_4.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Luigi Gangitano <luigi@debian.org>:
You have taken responsibility. (Sun, 03 Apr 2016 18:21:11 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 03 Apr 2016 18:21:11 GMT)


Message #10 received at 819784-close@bugs.debian.org:

From: Luigi Gangitano <luigi@debian.org>
To: 819784-close@bugs.debian.org
Subject: Bug#819784: fixed in squid3 3.5.16-1
Date: Sun, 03 Apr 2016 18:20:12 +0000
Source: squid3
Source-Version: 3.5.16-1

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 819784@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <luigi@debian.org> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Apr 2016 19:57:00 +0200
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source amd64 all
Version: 3.5.16-1
Distribution: unstable
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Luigi Gangitano <luigi@debian.org>
Description:
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Transitional package
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 819783 819784
Changes:
 squid3 (3.5.16-1) unstable; urgency=high
 .
   [ Amos Jeffries <amosjeffries@squid-cache.org> ]
   * New Upstream Release
     - Fixes security issue SQUID-2016:3 (CVE-2016-3947) (Closes: #819783)
     - Fixes security issue SQUID-2016:4 (CVE-2016-3948) (Closes: #819784)
 .
   * debian/patches/
     - Remove patch included upstream




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 Jun 2016 07:33:24 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:39:22 2019; Machine Name: beach
