Change logs for squid3 source package in Jessie

  • squid3 (3.4.8-6+deb8u5) jessie-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * ESI: make sure endofName never exceeds tagEnd (CVE-2018-1000024)
        (Closes: #888719)
      * Fix indirect IP logging for transactions without a client connection
        (CVE-2018-1000027) (Closes: #888720)
    
     -- Salvatore Bonaccorso <email address hidden>  Sun, 18 Feb 2018 17:20:03 +0100
  • squid3 (3.4.8-6+deb8u4) jessie-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * Fix cache_peer login=PASS(THRU) after CVE-2015-5400.
        Thanks to Amos Jeffries <email address hidden> (Closes: #819563)
      * CVE-2016-10002: Information disclosure in HTTP Request processing
        (Closes: #848493)
    
     -- Salvatore Bonaccorso <email address hidden>  Sun, 18 Dec 2016 11:47:19 +0100
  • squid3 (3.4.8-6+deb8u3) jessie-security; urgency=high
    
      * Non-maintainer upload.
      * Fix CVE-2016-4051: Buffer overflow in cachemgr.cgi.
      * Fix CVE-2016-4052: Multiple stack-based buffer overflows by wrongly
        handling Edge Side Includes (ESI) responses.
      * Fix CVE-2016-4053: Public information disclosure of the server stack
        layout when processing ESI responses.
      * Fix CVE-2016-4054: Remote code execution when processing ESI responses.
      * Fix CVE-2016-4553: Cache Poisoning issue in HTTP Request handling.
      * Fix CVE-2016-4554: Header Smuggling issue in HTTP Request processing.
      * Fix CVE-2016-4555 and CVE-2016-4556: Denial of Service when
        processing ESI responses.
      * debian/rules: include /usr/share/cdbs/1/rules/autoreconf.mk, needed by
        CVE-2016-4051 fix.
      * debian/control: Add Build-depend on dh-autoreconf
    
     -- Santiago Ruano Rincón <email address hidden>  Fri, 13 May 2016 08:09:16 +0200
  • squid3 (3.4.8-6+deb8u2) jessie-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * CVE-2016-2571: better handling of huge response headers in
        src/http.cc
    
     -- Salvatore Bonaccorso <email address hidden>  Sun, 20 Mar 2016 14:13:54 +0100
  • squid3 (3.4.8-6+deb8u1) jessie-security; urgency=high
    
      [ Luigi Gangitano <email address hidden> ]
      * debian/patches/36-squid-3.4-13225.patch
        - Added upstream patch fixing Improper Protection of Alternate Path
          (Ref: SQUID-2015:2, CVE-2015-5400) (Closes: #793128)
    
     -- Luigi Gangitano <email address hidden>  Wed, 22 Jul 2015 18:36:08 +0200
  • squid3 (3.4.8-6) unstable; urgency=medium
    
    
      [ Luigi Gangitano <email address hidden> ]
      * debian/patches/31-squid-3.4-13199.patch
        - Added upstream patch fixing excessive CPU usage (Closes: #776461)
    
      * debian/patches/32-squid-3.4-13210.patch
    - Added upstream patch fixing excessive CPU and memory usage in
      NTLM and Negotiate authentication helpers (Closes: #776463)
    
      * debian/patches/33-squid-3.4-13211.patch
        - Added upstream patch fixing a possible replay vulnerability on Digest
          authentication (Closes: #776464)
    
      * debian/patches/34-squid-3.4-13213.patch
        - Added upstream patch fixing incorrect security permissions for
          TOS/DiffServ packet marking (Closes: #776468)
    
  * debian/patches/35-squid-3.4-13203.patch
        - Added upstream patch fixing squidclient unable to connect to host with
          both IPv4 and IPv6 addresses (Closes: #742425)
    
     -- Luigi Gangitano <email address hidden>  Wed, 28 Jan 2015 12:34:42 +0100
  • squid3 (3.4.8-5) unstable; urgency=medium
    
    
      [ Luigi Gangitano <email address hidden> ]
      * debian/squid3.{pre,post}inst
        - Moved ACL manager fix to postinst (Closes: #773032)
    
     -- Luigi Gangitano <email address hidden>  Tue, 16 Dec 2014 13:43:03 +0100
  • squid3 (3.4.8-4) unstable; urgency=medium
    
    
      [ Luigi Gangitano <email address hidden> ]
      * debian/squid3.preinst
    - Revert changes on abort-upgrade
    
     -- Luigi Gangitano <email address hidden>  Fri, 05 Dec 2014 10:44:02 +0100
  • squid3 (3.4.8-2) unstable; urgency=medium
    
    
      [ Santiago Garcia Mantinan <email address hidden> ]
      * Add patch to remove bashisms from cert_tool
      * Add manual page for squid-purge
      * Create run_dir needed for SMP with several workers to run. This
        fixes #710126 (Closes: #732183, #760400)
      * Use CONFIG instead of sq (Closes: #763867)
      * Remove find_cache_type and use grepconf (both functions were =).
      * Allow find_cache_dir and grepconf to have whitespace in the beginning
        (Closes: #761209)
      * Add config check before reload/restart, thanks Freddy (Closes: #728222)
    
      [ Amos Jeffries <email address hidden> ]
      * debian/squid3.postinst
        - update grepconf to support SMP macros and sub-config files
          when locating cache_dir and effective user/group
    
      * debian/squid3.rc
        - remove special handling for obsolete COSS cache type
        - change grepconf to support SMP macros and sub-config files
    
      * debian/rules
        - add distribution details to squid -v display output
          this obsoletes the Ubuntu fix-distribution.patch
    
      * debian/control
        - bumped libecap dependency version to 0.2.0-2
    
      * debian/squid3.resolvconf
        - added check on /usr availability before squid3 restart (Closes: #765476)
    
      [ Luigi Gangitano <email address hidden> ]
      * debian/squid3.rc
        - Change config check to config parse on start/reload/restart
    
      * debian/control
        - Fixed XS-Vcs-Git Header pointing anonscm.debian.org
    
     -- Luigi Gangitano <email address hidden>  Wed, 29 Oct 2014 15:50:51 +0100
  • squid3 (3.4.8-1) unstable; urgency=high
    
     
      * Urgency high due to security fixes
    
      [ Amos Jeffries <email address hidden> ]
      * New upstream release (Closes: #737008)
        - Fixes CVE-2014-6270: off by one in snmp subsystem (Closes: #761002)
    - Fixes CVE-2014-7141 and CVE-2014-7142 (Closes: #760999)
          + pinger remote DoS vulnerabilities
        - Fixes CVE-2014-0128: Denial of Service in SSL-Bump (Closes: #741312)
    
      * debian/patches/
        - remove CVE-2014-3609.patch included upstream
        - remove 17-pod2man-check.patch obsoleted by new version
        - add upstream patch 21-squid-3.4-13176-memoryleak.patch:
          memory leak in external_acl_type helper with cache=0 or ttl=0
    
      * debian/rules
        - add --disable-arch-native to build with portable CPU support
    
      * debian/control
        - libecap API support is specific to version 0.2.0
        - use nettle for crypto library
    
      * debian/watch
        - updated watch pattern for upstream major series
    
      * debian/rules
        - Remove obsolete --enable-underscores (Closes: #693905)
    
      [ Luigi Gangitano <email address hidden> ]
      * debian/patches/
        - refreshed all patches to match 3.4.8
    
      * debian/control
    - Added dependency for missing interpreter ksh
        - Bumped Standard-Version to 3.9.6, no change needed
        - Added XS-Vcs-Git Header pointing to Alioth repository
    
     -- Luigi Gangitano <email address hidden>  Fri, 17 Oct 2014 00:10:00 +1300
  • squid3 (3.3.8-1.2) unstable; urgency=high
    
    
      * Non-maintainer upload by the Security Team.
      * Add CVE-2014-3609.patch patch.
        CVE-2014-3609: Denial of Service in Range header processing.
        Ignore Range headers with unidentifiable byte-range values. If squid is
        unable to determine the byte value for ranges, treat the header as
        invalid. (Closes: #759509)
    
     -- Salvatore Bonaccorso <email address hidden>  Thu, 28 Aug 2014 18:03:47 +0200
  • squid3 (3.3.8-1.1) unstable; urgency=low
    
    
      * Non-maintainer upload.
      * Fix "FTBFS: cp: cannot stat
        '/«PKGBUILDDIR»/debian/tmp/usr/share/man/man8/basic_db_auth.8': No
        such file or directory":
        new patch 17-pod2man-check.patch:
        fix config.test files' check for perl and pod2man
        (Closes: #725599)
    
     -- gregor herrmann <email address hidden>  Sat, 23 Nov 2013 21:05:10 +0100
  • squid3 (3.3.8-1) unstable; urgency=high
    
    
      * Urgency high due to security fixes
    
      * New upstream release
        - Fixes security issues (Closes: #716743)
          + Buffer overflow in HTTP request handling (Ref: SQUID-2013:2,
            CVE-2013-4115)
          + DoS in request processing (Ref: SQUID-2013:3, CVE-2013-4123)
    - Includes PNG image used in error pages, with new copyright assignment
          (Closes: #683255)
    
      * Added /var/run/squid3 dir to host sockets in SMP configuration
        (Closes: #710126)
    
      * debian/control
        - Bumped Standard-Version to 3.9.4, no change needed
    
     -- Luigi Gangitano <email address hidden>  Sun, 21 Jul 2013 18:28:36 +0200
  • squid3 (3.3.4-1) unstable; urgency=low
    
    
      * New upstream release
        - Added support for SHA passwords in ncsa_auth (Closes: #652010)
    
      * debian/squid3.lintian-overrides
        - Added override for pinger setuid bin
    
      * debian/watch
        - Fixed pattern to skip the last dot
    
      * debian/rules
        - Removed reference to cppunit-basedir
    
     -- Luigi Gangitano <email address hidden>  Mon, 06 May 2013 16:46:33 +0200
  • squid3 (3.3.3-2) unstable; urgency=low
    
    
      I would like to thank Amos Jeffries <email address hidden> for his help
      with this release.
    
      * debian/control
        - Added Build-Depend on pkg-config to solve FTBFS when ecap is enabled
          (Closes: #706025)
        - Fixed package descriptions
        - Added Build-Depend on libnetfilter-conntrack-dev
        - Added Suggests on winbindd for NTLM authentication
    
      * debian/patches/01-cf.data.debian.patch
    - Removed change to visible_hostname default value (Closes: #705983)
        - Fixed path of ntlm_auth helper in example
    
      * debian/rules
        - Removed --enable-arp-acl options obsoleted by --enable-eui
        - Fixed FTBFS on hurd due to missing netfilter support
        - Enabled Rock store type support
        - Added SETUID bit to pinger program
    
      * debian/watch
    - Fixed pattern to match all the released versions of 3.3
    
     -- Luigi Gangitano <email address hidden>  Tue, 23 Apr 2013 15:38:39 +0200