Bug#599709: marked as done (CVE-2010-2951)

Debian Bug Tracking System Sat, 30 Oct 2010 08:51:29 -0700

Your message dated Sat, 30 Oct 2010 15:47:23 +0000
with message-id <e1pcden-0004rl...@franck.debian.org>
and subject line Bug#599709: fixed in squid3 3.1.6-1.2
has caused the Debian Bug report #599709,
regarding CVE-2010-2951
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
599709: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599709
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: squid3
Severity: grave
Tags: security

Hi,
3.1.7 fixes a security issue:
http://marc.info/?l=squid-users&m=128263555724981&w=2

> One regression introduced with 3.1.6 when contacting IPv4-only DNS
> resolvers opens a small but exploitable DoS vulnerability. All users of
> Squid-3.1.6 are urged to upgrade to this release as soon as possible.

This has been assigned CVE-2010-2951. Lenny is not affected.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages squid3 depends on:
ii  adduser                 3.112            add and remove users and groups
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
pn  libdb4.6                <none>           (no description available)
ii  libgcc1                 1:4.4.4-9        GCC support library
ii  libldap-2.4-2           2.4.23-3         OpenLDAP libraries
ii  libpam0g                1.1.1-4          Pluggable Authentication Modules l
ii  libsasl2-2              2.1.23.dfsg1-5.1 Cyrus SASL - authentication abstra
ii  libstdc++6              4.4.4-9          The GNU Standard C++ Library v3
ii  logrotate               3.7.8-6          Log rotation utility
ii  lsb-base                3.2-23.1         Linux Standard Base 3.2 init scrip
ii  netbase                 4.42             Basic TCP/IP networking system
pn  squid3-common           <none>           (no description available)

squid3 recommends no packages.

Versions of packages squid3 suggests:
pn  resolvconf                    <none>     (no description available)
pn  smbclient                     <none>     (no description available)
pn  squid3-cgi                    <none>     (no description available)
pn  squidclient                   <none>     (no description available)

--- End Message ---

--- Begin Message ---

Source: squid3
Source-Version: 3.1.6-1.2

We believe that the bug you reported is fixed in the latest version of
squid3, which is due to be installed in the Debian FTP archive:

squid-cgi_3.1.6-1.2_i386.deb
  to main/s/squid3/squid-cgi_3.1.6-1.2_i386.deb
squid3-common_3.1.6-1.2_all.deb
  to main/s/squid3/squid3-common_3.1.6-1.2_all.deb
squid3-dbg_3.1.6-1.2_i386.deb
  to main/s/squid3/squid3-dbg_3.1.6-1.2_i386.deb
squid3_3.1.6-1.2.diff.gz
  to main/s/squid3/squid3_3.1.6-1.2.diff.gz
squid3_3.1.6-1.2.dsc
  to main/s/squid3/squid3_3.1.6-1.2.dsc
squid3_3.1.6-1.2_i386.deb
  to main/s/squid3/squid3_3.1.6-1.2_i386.deb
squidclient_3.1.6-1.2_i386.deb
  to main/s/squid3/squidclient_3.1.6-1.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 599...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <b...@decadent.org.uk> (supplier of updated squid3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Oct 2010 17:00:55 +0200
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all i386
Version: 3.1.6-1.2
Distribution: unstable
Urgency: low
Maintainer: Luigi Gangitano <lu...@debian.org>
Changed-By: Ben Hutchings <b...@decadent.org.uk>
Description: 
 squid-cgi  - A full featured Web Proxy cache (HTTP proxy) - control CGI
 squid3     - A full featured Web Proxy cache (HTTP proxy)
 squid3-common - A full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - A full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - A full featured Web Proxy cache (HTTP proxy) - control utility
Closes: 599709
Changes: 
 squid3 (3.1.6-1.2) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix DoS while processing large DNS replies with no IPv6 resolver present
     (CVE-2010-2951) (Closes: #599709)
Checksums-Sha1: 
 8d2c3575bbddc36616eb245f0254db405a1943dd 1901 squid3_3.1.6-1.2.dsc
 5bdd5e18b202195d168a7e5aa971380edec574a1 19326 squid3_3.1.6-1.2.diff.gz
 454517b1080d4ed7dc1b23ff4a7b91373db237bc 193340 squid3-common_3.1.6-1.2_all.deb
 6ca9a3f47d1e3eecc320f96431537b21be50d919 1447238 squid3_3.1.6-1.2_i386.deb
 ce6a56eee633de000427d71071eec352939cae94 5516202 squid3-dbg_3.1.6-1.2_i386.deb
 e68abf039f435526bc9a5d209d987ad88b49931b 105092 squidclient_3.1.6-1.2_i386.deb
 6d25bfcc18200cd9c52db573fd13233223f3400a 107354 squid-cgi_3.1.6-1.2_i386.deb
Checksums-Sha256: 
 89c3685bcfbdb55e3fdb12438a8ac4fe9deebd8f13f2cfa8f79cc3dcfb1ac3d9 1901 
squid3_3.1.6-1.2.dsc
 24a90f4c48129e778df41cf791d7b22f5524409b72c07e210ff5699291a126ea 19326 
squid3_3.1.6-1.2.diff.gz
 51cbed50dff3a86e2a26c14c3983cfad5c79e23c09f952fed0bb80dfcebbfd89 193340 
squid3-common_3.1.6-1.2_all.deb
 e909c704d23f8022c84d0feb8708aa3ea1084f0e95cbd59e7fee596eafd5cf6a 1447238 
squid3_3.1.6-1.2_i386.deb
 e0b491d162358bad74ae9ae5ba4561015bbb9f9faa6869fb2eef1c77ae10dc7f 5516202 
squid3-dbg_3.1.6-1.2_i386.deb
 908ee4a666507d7999e4df0d6e6b2ecb271624945c9e1b5502e25ca868b1bcd6 105092 
squidclient_3.1.6-1.2_i386.deb
 a0b33d5a2aeaa695aeecd18abe05d8cddb4fcaaa3e89d182e810fc3381b2c03b 107354 
squid-cgi_3.1.6-1.2_i386.deb
Files: 
 43e13c9180d9acf8284ea16f5664d05b 1901 web optional squid3_3.1.6-1.2.dsc
 5452e05438d27ad06e6a263307ff8f64 19326 web optional squid3_3.1.6-1.2.diff.gz
 970d4736437382743d9fe05402a44986 193340 web optional 
squid3-common_3.1.6-1.2_all.deb
 dfe5c39ca1ddc4008301c20b4ba0eb8a 1447238 web optional squid3_3.1.6-1.2_i386.deb
 8aed6a82b5623bbf434efa89b78418e7 5516202 debug extra 
squid3-dbg_3.1.6-1.2_i386.deb
 5e3b63f54c638362b370adaa081d2bf4 105092 web optional 
squidclient_3.1.6-1.2_i386.deb
 903223ae2572d34f7337b8907c9d29e1 107354 web optional 
squid-cgi_3.1.6-1.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTMw7A+e/yOyVhhEJAQqopw/+NRSAm9nStcsu7GLoFXoz3cOjdz4aUdVO
A8jZpws02CT4xyszE0CBVpX4WlQP9c/cFjIc4SZEszTFa58krpSHx+HbjwYd6xEl
liyj1g29DGSllpndC9hG8ooeH8ug6ENWcPKL8iDsyduzF9slt793IWdTmKJA/I8C
MK1BaZER62o+K5z0GMxF2WKVRsHMuQ5iXdU8TvzhMmD+IWnsUk4MSTxQQ2VoONQM
aMDClO9Yc13JW6cj29Bv3Gy6zY6Zb1IulsSAtm/1V656TNs+17HfYuCVIRKpf/EQ
yrCRktiQsdjp2CXc56pGwfhZNv3OlB9phEGwOsW2BuMF4mHrJ0WzC2L6wPQROiEo
vtedFBfMutq7+FWmtrwAIq7YNJ0EBI6q8EU9ontlmkYc821NRQchjUxm0bbrMEHd
0X92uUX3UBzUAzUZcreoDk1l4uDqeJaQ23IXckUhK7cfVlg2pKqHuO6vogusfkZH
DIyUcHdIW1HwUteBn99SL7K/uwURN51JcvdJau39GxImUuAlmZQiiDUp1KZI6CDm
E1FHYeXsp0WDEoIbT9RcARGoRHORq3G0wpNcLoLsCKng/AloZKvrkuWIWr5mb0L8
ZxzdHYnmhQZAXnHFLbm2/ubu+un4VpVWcMR9uMSr/HMQ6jV7HtlyYXy2ap5ChG0n
y3EoEBoqAxk=
=osrc
-----END PGP SIGNATURE-----

--- End Message ---

Bug#599709: marked as done (CVE-2010-2951)

Reply via email to