Publishing details

• Published on 2017-05-12

Changelog

apt-cacher-ng (2-2) testing; urgency=high

  * Special version only for Debian Stretch, solving moderate security issues:
    + hardening against HTTP header splitting attack (no user input printed in
      the HTTP headers anymore; backport from Sid, related to CVE-2017-7443)
    + hardening against unintended or malicious triggering of hidden space
      allocation, by disabling the fallocate completely. This is ultima ratio,
      trading code simplicity for fragmentation avoiding efforts; a smarter
      solution is found in upstream version 3; closes: #856635)
    + handle a corner case of bad TLS handshake with invalid certificate
      (related to #839751)

 -- Eduard Bloch <email address hidden>  Thu, 13 Apr 2017 18:11:17 +0200

Builds

Package files

• apt-cacher-ng_2-2.debian.tar.xz (47.4 KiB)
• apt-cacher-ng_2-2.dsc (2.1 KiB)
• apt-cacher-ng_2.orig.tar.xz (306.0 KiB)