Changelog
squid3 (3.4.8-6+deb8u3) jessie-security; urgency=high
* Non-maintainer upload.
* Fix CVE-2016-4051: Buffer overflow in cachemgr.cgi.
* Fix CVE-2016-4052: Multiple stack-based buffer overflows by wrongly
handling Edge Side Includes (ESI) responses.
* Fix CVE-2016-4053: Public information disclosure of the server stack
layout when processing ESI responses.
* Fix CVE-2016-4054: Remote code execution when processing ESI responses.
* Fix CVE-2016-4553: Cache Poisoning issue in HTTP Request handling.
* Fix CVE-2016-4554: Header Smuggling issue in HTTP Request processing.
* Fix CVE-2016-4555 and CVE-2016-4556: Denial of Service when
processing ESI responses.
* debian/rules: include /usr/share/cdbs/1/rules/autoreconf.mk, needed by
CVE-2016-4051 fix.
* debian/control: Add Build-depend on dh-autoreconf
-- Santiago Ruano Rincón <email address hidden> Fri, 13 May 2016 08:09:16 +0200