Publishing details

Changelog

squid3 (3.5.12-1ubuntu7.3) xenial-security; urgency=medium

  * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional
    - debian/patches/CVE-2016-10002.patch: properly handle combination of
      If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc,
      src/client_side_reply.cc, src/client_side_reply.h.
    - CVE-2016-10002
  * SECURITY UPDATE: incorrect HTTP Request header comparison
    - debian/patches/CVE-2016-10003.patch: don't share private responses
      with collapsed client in src/client_side_reply.cc.
    - CVE-2016-10003

 -- Marc Deslauriers <email address hidden>  Fri, 03 Feb 2017 14:09:18 -0500

Available diffs

Builds

Built packages

Package files