Change log for squid3 package in Ubuntu
squid3 (3.5.27-1ubuntu1.14) bionic-security; urgency=medium * SECURITY UPDATE: Buffer Over Read in SSPI and SMB Authentication - debian/patches/CVE-2022-41318.patch: improve checks in lib/ntlmauth/ntlmauth.cc. - CVE-2022-41318 -- Marc Deslauriers <email address hidden> Fri, 23 Sep 2022 08:08:17 -0400
squid3 (3.5.27-1ubuntu1.13) bionic-security; urgency=medium * SECURITY UPDATE: Denial of Service in Gopher Processing - debian/patches/CVE-2021-46784.patch: improve handling of Gopher responses in src/gopher.cc. - CVE-2021-46784 -- Marc Deslauriers <email address hidden> Tue, 21 Jun 2022 13:45:17 -0400
squid3 (3.5.27-1ubuntu1.12) bionic-security; urgency=medium * SECURITY UPDATE: information disclosure via OOB read in WCCP protocol - debian/patches/CVE-2021-28116.patch: validate packets better in src/wccp2.cc. - CVE-2021-28116 -- Marc Deslauriers <email address hidden> Mon, 04 Oct 2021 08:32:25 -0400
squid3 (3.5.27-1ubuntu1.11) bionic-security; urgency=medium * SECURITY UPDATE: DoS via buffer-management bug - debian/patches/CVE-2021-28651.patch: fix memory leak in src/urn.cc. - CVE-2021-28651 * SECURITY UPDATE: DoS via HTTP Range request - debian/patches/CVE-2021-3180x.patch: handle more Range requests in src/HttpHdrRange.cc, src/HttpHeaderRange.h, src/client_side.cc, src/client_side_request.cc, src/client_side_request.h. - CVE-2021-31806 - CVE-2021-31807 - CVE-2021-31808 * SECURITY UPDATE: DoS via HTTP response - debian/patches/CVE-2021-33620.patch: handle more partial responses in src/HttpHdrContRange.cc, src/HttpHeaderRange.h, src/clients/Client.cc, src/client_side.cc. - CVE-2021-33620 -- Marc Deslauriers <email address hidden> Wed, 02 Jun 2021 13:03:13 -0400
squid3 (3.5.27-1ubuntu1.10) bionic-security; urgency=medium * SECURITY UPDATE: HTTP Request Smuggling issue - debian/patches/CVE-2020-25097.patch: Add slash prefix to path-rootless or path-noscheme URLs in src/url.cc. - CVE-2020-25097 -- Marc Deslauriers <email address hidden> Thu, 25 Mar 2021 12:45:30 -0400
squid3 (3.5.12-1ubuntu7.16) xenial-security; urgency=medium * SECURITY UPDATE: HTTP Request Smuggling issue - debian/patches/CVE-2020-25097.patch: Add slash prefix to path-rootless or path-noscheme URLs in src/url.cc. - CVE-2020-25097 -- Marc Deslauriers <email address hidden> Thu, 25 Mar 2021 12:46:49 -0400
squid3 (3.5.12-1ubuntu7.15) xenial-security; urgency=medium * SECURITY UPDATE: Request Smuggling and Poisoning issue - debian/patches/CVE-2020-15049.patch: validate Content-Length value prefix in src/http/ContentLengthInterpreter.cc, src/http/ContentLengthInterpreter.h. - CVE-2020-15049 * SECURITY UPDATE: HTTP Request Smuggling issue - debian/patches/CVE-2020-15810.patch: enforce token characters for field-name in src/HttpHeader.cc. - CVE-2020-15810 * SECURITY UPDATE: HTTP Request Splitting issue - debian/patches/CVE-2020-15811-pre.patch: validate Content-Length header values in src/HttpHeader.cc, src/HttpHeaderTools.cc, src/HttpHeaderTools.h, src/http/ContentLengthInterpreter.cc, src/http/ContentLengthInterpreter.h, src/http/Makefile.am. - debian/patches/CVE-2020-15811.patch: Improve Transfer-Encoding handling in src/HttpHeader.cc, src/HttpHeader.h, src/client_side.cc, src/http.cc. - CVE-2020-15811 * SECURITY UPDATE: DoS via peer crafted Cache Digest response message - debian/patches/CVE-2020-24606.patch: fix livelocking in peerDigestHandleReply in src/peer_digest.cc. - CVE-2020-24606 * Enable the test suite - debian/rules: enable test suite - debian/patches/enable-the-test-suite.patch: fix FTBFS. - debian/patches/fix-stub-comm-test.patch: fix FTBFS. -- Marc Deslauriers <email address hidden> Wed, 16 Sep 2020 11:34:11 -0400
squid3 (3.5.12-1ubuntu7.14) xenial; urgency=medium * d/squid.resolvconf: Invoke "systemctl reload --no-block" if we are using systemd. This prevents squid from blocking if the reload action is being issued indirectly because of another service (e.g., because dnsmasq has been restarted), which may cause a deadlock and prevent the whole transaction to complete. (LP: #1761096) -- Sergio Durigan Junior <email address hidden> Fri, 04 Sep 2020 08:31:36 -0400
squid3 (3.5.27-1ubuntu1.9) bionic-security; urgency=medium * SECURITY UPDATE: Request Smuggling and Poisoning issue - debian/patches/CVE-2020-15049.patch: validate Content-Length value prefix in src/http/ContentLengthInterpreter.cc, src/http/ContentLengthInterpreter.h. - CVE-2020-15049 * SECURITY UPDATE: HTTP Request Smuggling issue - debian/patches/CVE-2020-15810.patch: enforce token characters for field-name in src/HttpHeader.cc. - CVE-2020-15810 * SECURITY UPDATE: HTTP Request Splitting issue - debian/patches/CVE-2020-15811-pre.patch: validate Content-Length header values in src/HttpHeader.cc, src/HttpHeaderTools.cc, src/HttpHeaderTools.h, src/http/ContentLengthInterpreter.cc, src/http/ContentLengthInterpreter.h, src/http/Makefile.am. - debian/patches/CVE-2020-15811.patch: Improve Transfer-Encoding handling in src/HttpHeader.cc, src/HttpHeader.h, src/client_side.cc, src/http.cc. - CVE-2020-15811 * SECURITY UPDATE: DoS via peer crafted Cache Digest response message - debian/patches/CVE-2020-24606.patch: fix livelocking in peerDigestHandleReply in src/peer_digest.cc. - CVE-2020-24606 * Enable the test suite - debian/rules: enable test suite - debian/patches/enable-the-test-suite.patch: fix FTBFS. - debian/patches/fix-cppunit-detection.patch: don't use cppunit-config which is no longer available in bionic. -- Marc Deslauriers <email address hidden> Wed, 02 Sep 2020 11:35:51 -0400
squid3 (3.5.12-1ubuntu7.13) xenial-security; urgency=medium * SECURITY REGRESSION: regression when parsing icap and ecap protocols (LP: #1890265) - debian/patches/CVE-2019-12523-bug965012.patch * Thanks to Markus Koschany for the regression fix! -- Marc Deslauriers <email address hidden> Wed, 26 Aug 2020 06:46:39 -0400
squid3 (3.5.27-1ubuntu1.8) bionic-security; urgency=medium * SECURITY REGRESSION: regression when parsing icap and ecap protocols (LP: #1890265) - debian/patches/CVE-2019-12523-bug965012.patch * Thanks to Markus Koschany for the regression fix! -- Marc Deslauriers <email address hidden> Tue, 25 Aug 2020 13:12:13 -0400
squid3 (3.5.12-1ubuntu7.12) xenial-security; urgency=medium * SECURITY UPDATE: Multiple Issues in HTTP Request processing - debian/patches/CVE-2019-12520.patch: properly handle userinfo in src/url.cc. - CVE-2019-12520 - CVE-2019-12524 * SECURITY UPDATE: Multiple issues in URI processing - debian/patches/CVE-2019-12526.patch: replace patch with the one from Debian to get backported functions. - debian/patches/CVE-2019-12523.patch: update URI parser to use SBuf parsing APIs. - CVE-2019-12523 - CVE-2019-18676 * Thanks to Markus Koschany for the backports this update is based on. -- Marc Deslauriers <email address hidden> Thu, 30 Jul 2020 07:01:11 -0400
squid3 (3.5.27-1ubuntu1.7) bionic-security; urgency=medium * SECURITY UPDATE: Multiple Issues in HTTP Request processing - debian/patches/CVE-2019-12520.patch: properly handle userinfo in src/url.cc. - CVE-2019-12520 - CVE-2019-12524 * SECURITY UPDATE: Multiple issues in URI processing - debian/patches/CVE-2019-12526.patch: replace patch with the one from Debian to get backported functions. - debian/patches/CVE-2019-12523.patch: update URI parser to use SBuf parsing APIs. - CVE-2019-12523 - CVE-2019-18676 * Thanks to Markus Koschany for the backports this update is based on. -- Marc Deslauriers <email address hidden> Tue, 28 Jul 2020 12:38:51 -0400
squid3 (3.5.12-1ubuntu7.11) xenial-security; urgency=medium * SECURITY UPDATE: multiple ESI issues - debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions into 500 status response in src/esi/Context.h, src/esi/Esi.cc, src/esi/Esi.h, src/esi/Expression.cc. - CVE-2019-12519 - CVE-2019-12521 * SECURITY UPDATE: hostname parameter mishandling in cachemgr.cgi - debian/patches/CVE-2019-18860.patch: add validation for hostname parameter in src/base/CharacterSet.cc, tools/Makefile.am, tools/cachemgr.cc. - CVE-2019-18860 * SECURITY UPDATE: Digest Authentication nonce replay issue - debian/patches/CVE-2020-11945.patch: fix auth digest refcount integer overflow in src/auth/digest/Config.cc. - CVE-2020-11945 -- Marc Deslauriers <email address hidden> Thu, 07 May 2020 10:05:12 -0400
squid3 (3.5.27-1ubuntu1.6) bionic-security; urgency=medium * SECURITY UPDATE: multiple ESI issues - debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions into 500 status response in src/esi/Context.h, src/esi/Esi.cc, src/esi/Esi.h, src/esi/Expression.cc. - CVE-2019-12519 - CVE-2019-12521 * SECURITY UPDATE: hostname parameter mishandling in cachemgr.cgi - debian/patches/CVE-2019-18860.patch: add validation for hostname parameter in src/base/CharacterSet.cc, tools/Makefile.am, tools/cachemgr.cc. - CVE-2019-18860 * SECURITY UPDATE: Digest Authentication nonce replay issue - debian/patches/CVE-2020-11945.patch: fix auth digest refcount integer overflow in src/auth/digest/Config.cc. - CVE-2020-11945 -- Marc Deslauriers <email address hidden> Thu, 07 May 2020 10:03:32 -0400
squid3 (3.5.27-1ubuntu1.5) bionic-security; urgency=medium * SECURITY UPDATE: info disclosure via FTP server - debian/patches/CVE-2019-12528.patch: fix FTP buffers handling in src/clients/FtpGateway.cc. - CVE-2019-12528 * SECURITY UPDATE: incorrect input validation and buffer management - debian/patches/CVE-2020-84xx-1.patch: ignore malformed Host header in intercept and reverse proxy mode in src/client_side.cc. - debian/patches/CVE-2020-84xx-2.patch: fix request URL generation in reverse proxy configurations in src/client_side.cc. - debian/patches/CVE-2020-84xx-3.patch: fix security patch in src/client_side.cc. - CVE-2020-8449 - CVE-2020-8450 * SECURITY UPDATE: DoS in NTLM authentication - debian/patches/CVE-2020-8517.patch: improved username handling in helpers/external_acl/LM_group/ext_lm_group_acl.cc. - CVE-2020-8517 -- Marc Deslauriers <email address hidden> Wed, 19 Feb 2020 12:50:27 -0500
squid3 (3.5.12-1ubuntu7.10) xenial-security; urgency=medium * SECURITY UPDATE: info disclosure via FTP server - debian/patches/CVE-2019-12528.patch: fix FTP buffers handling in src/clients/FtpGateway.cc. - CVE-2019-12528 * SECURITY UPDATE: incorrect input validation and buffer management - debian/patches/CVE-2020-84xx-1.patch: ignore malformed Host header in intercept and reverse proxy mode in src/client_side.cc. - debian/patches/CVE-2020-84xx-2.patch: fix request URL generation in reverse proxy configurations in src/client_side.cc. - debian/patches/CVE-2020-84xx-3.patch: fix security patch in src/client_side.cc. - CVE-2020-8449 - CVE-2020-8450 * SECURITY UPDATE: DoS in NTLM authentication - debian/patches/CVE-2020-8517.patch: improved username handling in helpers/external_acl/LM_group/ext_lm_group_acl.cc. - CVE-2020-8517 -- Marc Deslauriers <email address hidden> Wed, 19 Feb 2020 13:06:13 -0500
squid3 (3.5.12-1ubuntu7.9) xenial-security; urgency=medium * SECURITY UPDATE: Heap Overflow issue in URN processing - debian/patches/CVE-2019-12526.patch: fix URN response handling in src/urn.cc. - CVE-2019-12526 * SECURITY UPDATE: CSRF issue in HTTP Request processing - debian/patches/CVE-2019-18677.patch: prevent truncation for large origin-relative domains in src/URL.h, src/internal.cc, src/url.cc. - CVE-2019-18677 * SECURITY UPDATE: HTTP Request Splitting in HTTP message processing - debian/patches/CVE-2019-18678.patch: server MUST reject messages with BWS after field-name in src/HttpHeader.cc, src/HttpHeader.h. - CVE-2019-18678 - CVE-2019-18679 -- Marc Deslauriers <email address hidden> Wed, 20 Nov 2019 07:11:17 -0500
squid3 (3.5.27-1ubuntu1.4) bionic-security; urgency=medium * SECURITY UPDATE: Heap Overflow issue in URN processing - debian/patches/CVE-2019-12526.patch: fix URN response handling in src/urn.cc. - CVE-2019-12526 * SECURITY UPDATE: CSRF issue in HTTP Request processing - debian/patches/CVE-2019-18677.patch: prevent truncation for large origin-relative domains in src/URL.h, src/internal.cc, src/url.cc. - CVE-2019-18677 * SECURITY UPDATE: HTTP Request Splitting in HTTP message processing - debian/patches/CVE-2019-18678.patch: server MUST reject messages with BWS after field-name in src/HttpHeader.cc, src/HttpHeader.h. - CVE-2019-18678 - CVE-2019-18679 -- Marc Deslauriers <email address hidden> Tue, 19 Nov 2019 14:59:43 -0500
squid3 (3.1.19-1ubuntu3.12.04.10) precise-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: incorrect digest auth parameter parsing - debian/patches/CVE-2019-12525.patch: check length in src/auth/digest/auth_digest.cc. - CVE-2019-12525 * SECURITY UPDATE: basic auth uudecode length issue - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle base64 decoder in lib/Makefile.*, src/auth/basic/auth_basic.cc, , lib/uudecode.c. - CVE-2019-12529 -- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jul 2019 15:42:15 -0300
squid3 (3.5.12-1ubuntu7.8) xenial-security; urgency=medium * SECURITY UPDATE: incorrect digest auth parameter parsing - debian/patches/CVE-2019-12525.patch: check length in src/auth/digest/Config.cc. - CVE-2019-12525 * SECURITY UPDATE: basic auth uudecode length issue - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc, include/uudecode.h, lib/uudecode.c. - CVE-2019-12529 -- Marc Deslauriers <email address hidden> Tue, 16 Jul 2019 14:49:40 -0400
squid3 (3.5.27-1ubuntu1.3) bionic-security; urgency=medium * SECURITY UPDATE: incorrect digest auth parameter parsing - debian/patches/CVE-2019-12525.patch: check length in src/auth/digest/Config.cc. - CVE-2019-12525 * SECURITY UPDATE: basic auth uudecode length issue - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc, include/uudecode.h, lib/uudecode.c. - CVE-2019-12529 -- Marc Deslauriers <email address hidden> Tue, 16 Jul 2019 11:49:31 -0400
squid3 (3.5.27-1ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: DoS via SNMP memory leak - debian/patches/CVE-2018-19132.patch: fix leak in src/snmp_core.cc. - CVE-2018-19132 * SECURITY UPDATE: XSS issues in cachemgr.cgi - debian/patches/CVE-2019-13345.patch: properly escape values in tools/cachemgr.cc. - CVE-2019-13345 -- Marc Deslauriers <email address hidden> Thu, 11 Jul 2019 12:59:25 -0400
squid3 (3.5.12-1ubuntu7.7) xenial-security; urgency=medium * SECURITY UPDATE: DoS via SNMP memory leak - debian/patches/CVE-2018-19132.patch: fix leak in src/snmp_core.cc. - CVE-2018-19132 * SECURITY UPDATE: XSS issues in cachemgr.cgi - debian/patches/CVE-2019-13345.patch: properly escape values in tools/cachemgr.cc. - CVE-2019-13345 -- Marc Deslauriers <email address hidden> Thu, 11 Jul 2019 13:03:44 -0400
squid3 (3.5.12-1ubuntu7.6) xenial; urgency=medium * d/squid.rc: fix regexp for catching FATAL errors (LP: #1738412) * d/t/test-squid.py: in xenial, initscript, apparmor profile, pidfile and process are named squid, not squid3. Get rid of the multiple distro logic since these tests will be only run on xenial. * d/t/control: drop unneeded dependency on python-unit. * d/t/squid: use a shorter shutdown timeout for the tests, so they run faster -- Andreas Hasenack <email address hidden> Wed, 31 Oct 2018 09:22:14 -0300
squid3 (3.5.27-1ubuntu1.1) bionic; urgency=medium [ Simon Deziel ] * d/usr.sbin.squid: Update apparmor profile to grant read access to squid binary (LP: #1792728) -- Christian Ehrhardt <email address hidden> Fri, 28 Sep 2018 09:09:50 +0200
Available diffs
- diff from 3.5.27-1ubuntu1 to 3.5.27-1ubuntu1.1 (550 bytes)
Deleted in cosmic-proposed (Reason: Removed per uploader request; obsoleted by squid 4.x)
squid3 (3.5.27-1ubuntu2) cosmic; urgency=medium * Update apparmor profile to grant read access to squid binary (LP: #1792728) -- Simon Deziel <email address hidden> Sat, 15 Sep 2018 13:55:32 -0400
Available diffs
- diff from 3.5.27-1ubuntu1 to 3.5.27-1ubuntu2 (512 bytes)
Deleted in cosmic-release (Reason: Superseded by squid)
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
squid3 (3.5.27-1ubuntu1) bionic; urgency=medium * Merge with Debian unstable (LP: #1751286). Remaining changes: - Add additional dep8 tests. - Use snakeoil certificates. - Add an example refresh pattern for debs. - Add disabled by default AppArmor profile. - Enable autoreconf. This is no longer required for the security updates, but is needed for the seddery of test-suite/Makefile.am in d/t/upstream-test-suite. - Correct attribution and add explanatory note in d/NEWS.debian. - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration happened in Xenial, so no upgrade path still requires this code. This reduces upgrade ordering difficulty. - Adjust seddery for upstream test squid binary location. - Revert "Set pidfile for systemd's sysv-generator" from Debian. - Drop wrong short-circuiting of various invocations; we always want to call the debhelper block. - GCC7 FTBFS fixes (LP #1712668): + d/rules: don't error when hitting the "deprecated" and "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these, but one in Format.cc that affects 32bit builds was deemed too intrusive for the 3.5 stable series and is only in squid 4.x * Dropped changes: - debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors. Thanks to Lubos Uhliarik <email address hidden>. [Already applied upstream] - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a boolean. Thanks to Amos Jeffries <email address hidden> [Already applied upstream] - SECURITY UPDATE: denial of service in ESI Response processing + debian/patches/CVE-2018-1000024.patch: make sure endofName never exceeds tagEnd in src/esi/CustomParser.cc. + CVE-2018-1000024 [Added in 3.5.27-1] - SECURITY UPDATE: denial of service in HTTP Message processing + debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for transactions without a client connection in src/client_side_request.cc. + CVE-2018-1000027 [Included in 3.5.27-1] * Added changes: - Do not force gcc-6
Available diffs
- diff from 3.5.23-5ubuntu2 to 3.5.27-1ubuntu1 (139.1 KiB)
squid3 (3.5.23-5ubuntu2) bionic; urgency=medium * SECURITY UPDATE: denial of service in ESI Response processing - debian/patches/CVE-2018-1000024.patch: make sure endofName never exceeds tagEnd in src/esi/CustomParser.cc. - CVE-2018-1000024 * SECURITY UPDATE: denial of service in HTTP Message processing - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for transactions without a client connection in src/client_side_request.cc. - CVE-2018-1000027 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 10:08:51 -0500
squid3 (3.5.23-5ubuntu1.1) artful-security; urgency=medium * SECURITY UPDATE: denial of service in ESI Response processing - debian/patches/CVE-2018-1000024.patch: make sure endofName never exceeds tagEnd in src/esi/CustomParser.cc. - CVE-2018-1000024 * SECURITY UPDATE: denial of service in HTTP Message processing - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for transactions without a client connection in src/client_side_request.cc. - CVE-2018-1000027 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 10:08:51 -0500
squid3 (3.3.8-1ubuntu6.11) trusty-security; urgency=medium * SECURITY UPDATE: denial of service in ESI Response processing - debian/patches/CVE-2018-1000024.patch: make sure endofName never exceeds tagEnd in src/esi/CustomParser.cc. - CVE-2018-1000024 * SECURITY UPDATE: denial of service in HTTP Message processing - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for transactions without a client connection in src/client_side_request.cc. - CVE-2018-1000027 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 10:11:57 -0500
squid3 (3.5.12-1ubuntu7.5) xenial-security; urgency=medium * SECURITY UPDATE: various denial of service issues - debian/patches/CVE-2016-25xx-1.patch: better handling of huge response headers in src/http.cc. - debian/patches/CVE-2016-25xx-2.patch: throw instead of asserting on some String overflows in src/SquidString.h, src/StrList.cc, src/String.cc, src/clients/Client.cc, src/clients/Client.h, src/clients/FtpClient.cc, src/http.cc. - debian/patches/CVE-2016-25xx-3.patch: fix assertion in custom ESI parser in src/esi/CustomParser.cc, src/esi/CustomParser.h. - debian/patches/CVE-2016-25xx-4.patch: fix assertion in src/FwdState.cc, src/FwdState.h, src/clients/Client.h, src/comm.cc, src/comm.h, src/http.cc. - CVE-2016-2569 - CVE-2016-2570 - CVE-2016-2571 * SECURITY UPDATE: denial of service via crafted HTTP response - debian/patches/CVE-2016-3948.patch: convert Vary handling to SBuf in src/HttpRequest.cc, src/HttpRequest.h, src/MemObject.cc, src/MemObject.h, src/MemStore.cc, src/StoreMetaVary.cc, src/client_side.cc, src/client_side_reply.cc, src/http.cc, src/http.h, src/store.cc, src/store_key_md5.cc, src/store_swapmeta.cc, src/tests/stub_MemObject.cc, src/tests/stub_http.cc. - CVE-2016-3948 * SECURITY UPDATE: denial of service in ESI Response processing - debian/patches/CVE-2018-1000024.patch: make sure endofName never exceeds tagEnd in src/esi/CustomParser.cc. - CVE-2018-1000024 * SECURITY UPDATE: denial of service in HTTP Message processing - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for transactions without a client connection in src/client_side_request.cc. - CVE-2018-1000027 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 09:56:31 -0500
squid3 (3.3.8-1ubuntu6.10) trusty; urgency=medium * debian/patches/fix-assertion-ftp-put-empty-file.patch: Fix ftp assertion error when uploading empty file. Thanks to Alex Rousskov <email address hidden>. Closes LP: #1423498. -- Andreas Hasenack <email address hidden> Thu, 28 Sep 2017 12:23:01 -0400
Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
squid3 (3.5.23-5ubuntu1) artful; urgency=medium * Merge with Debian unstable (LP: #1712653). Remaining changes: - Add additional dep8 tests. - Use snakeoil certificates. - Add an example refresh pattern for debs. - Add disabled by default AppArmor profile. - Enable autoreconf. This is no longer required for the security updates, but is needed for the seddery of test-suite/Makefile.am in d/t/upstream-test-suite. - Correct attribution and add explanatory note in d/NEWS.debian. - Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration happened in Xenial, so no upgrade path still requires this code. This reduces upgrade ordering difficulty. - Adjust seddery for upstream test squid binary location. - Revert "Set pidfile for systemd's sysv-generator" from Debian. - Drop wrong short-circuiting of various invocations; we always want to call the debhelper block. * Drop: - Add missing Pre-Depends on adduser. [Fixed in Debian 3.5.23-2] * GCC7 FTBFS fixes (LP: #1712668): - d/rules: don't error when hitting the "deprecated" and "format-truncation" gcc7 warnings. Upstream 3.5.27 has fixes for these, but one in Format.cc that affects 32bit builds was deemed too intrusive for the 3.5 stable series and is only in squid 4.x - debian/patches/gcc7-squidpurge-4695.patch: GCC 7 build errors. Thanks to Lubos Uhliarik <email address hidden>. - debian/patches/gcc7-assert-wants-boolean.patch: assert() takes a boolean. Thanks to Amos Jeffries <email address hidden> -- Andreas Hasenack <email address hidden> Thu, 24 Aug 2017 16:04:35 -0300
squid3 (3.5.12-1ubuntu7.4) xenial; urgency=medium * debian/patches/passive-ftp-segfault-1560429.patch: Fix for segfault when ftp passive mode is not available. Closes: #793473, LP: #1560429. -- Andreas Hasenack <email address hidden> Fri, 07 Jul 2017 09:39:40 -0300
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
squid3 (3.5.23-1ubuntu1) zesty; urgency=medium * Merge from Debian (LP: #1644538). Remaining changes: - Add additional dep8 tests. - Use snakeoil certificates. - Add an example refresh pattern for debs. - Add disabled by default AppArmor profile. - Revert "Set pidfile for systemd's sysv-generator" from Debian. - Drop wrong short-circuiting of various invocations; we always want to call the debhelper block. - Add missing Pre-Depends on adduser. - Enable autoreconf. This is no longer required for the security updates, but is needed for the seddery of test-suite/Makefile.am in d/t/upstream-test-suite. * Drop changes (adopted in Debian): - Run sarg-reports if present before rotating logs. - Add lsb-release build dep. * Drop changes that no longer make a functional difference in Ubuntu, but may still be relevant to send to Debian: - d/squid3.postinst: don't try to stop squid3 again. - d/squid3.postrm: don't rm -f conffiles in purge. - Drop squid3 dependencies on ${shlib:Depends} and lsb-base. - Drop creation of /etc/squid. * Drop unnecessary changes: - Add executable bits to d/squid.preinst. * Drop changes relating to the upgrade path from prior to Xenial, so no longer required: - /var/spool/squid3 upgrade path handling. - Conffile upgrade path handling. - Remove redundant version-guarded restart code from squid postinst. - Clean up apparmor links for usr.sbin.squid3 on upgrade. - Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade. - Add Breaks on older ufw to fix upgrade path. - Use Breaks instead of Conflicts. Instead, drop the Conflicts/Replaces entirely (see below). * Drop security fixes: all included in 3.5.23 upstream. * Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration happened in Xenial, so no upgrade path still requires this code. This reduces upgrade ordering difficulty. * Fix failing autopkgtests: - Adjust Python module dependencies. - Correctly handle the squid3 -> squid rename. 
- Adjust seddery for upstream test squid binary location. * Drop dependency on init-system-helpers. This was introduced in LP 1432683. Since we no longer ship an upstart job, it is no longer required. * Correct attribution and add explanatory note in d/NEWS.debian.
Available diffs
- diff from 3.5.12-1ubuntu9 to 3.5.23-1ubuntu1 (687.3 KiB)
squid3 (3.1.19-1ubuntu3.12.04.8) precise-security; urgency=medium * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional - debian/patches/CVE-2016-10002.patch: properly handle combination of If-Match and a Cache Hit in src/client_side_reply.cc, src/client_side_reply.h. - CVE-2016-10002 -- Marc Deslauriers <email address hidden> Mon, 06 Feb 2017 10:00:45 -0500
squid3 (3.3.8-1ubuntu6.9) trusty-security; urgency=medium * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional - debian/patches/CVE-2016-10002.patch: properly handle combination of If-Match and a Cache Hit in src/client_side.cc, src/client_side_reply.cc, src/client_side_reply.h, src/enums.h, src/log/access_log.cc. - CVE-2016-10002 -- Marc Deslauriers <email address hidden> Mon, 06 Feb 2017 09:56:36 -0500
squid3 (3.5.12-1ubuntu7.3) xenial-security; urgency=medium * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional - debian/patches/CVE-2016-10002.patch: properly handle combination of If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc, src/client_side_reply.cc, src/client_side_reply.h. - CVE-2016-10002 * SECURITY UPDATE: incorrect HTTP Request header comparison - debian/patches/CVE-2016-10003.patch: don't share private responses with collapsed client in src/client_side_reply.cc. - CVE-2016-10003 -- Marc Deslauriers <email address hidden> Fri, 03 Feb 2017 14:09:18 -0500
squid3 (3.5.12-1ubuntu8.1) yakkety-security; urgency=medium * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional - debian/patches/CVE-2016-10002.patch: properly handle combination of If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc, src/client_side_reply.cc, src/client_side_reply.h. - CVE-2016-10002 * SECURITY UPDATE: incorrect HTTP Request header comparison - debian/patches/CVE-2016-10003.patch: don't share private responses with collapsed client in src/client_side_reply.cc. - CVE-2016-10003 -- Marc Deslauriers <email address hidden> Fri, 03 Feb 2017 14:08:07 -0500
squid3 (3.5.12-1ubuntu9) zesty; urgency=medium * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional - debian/patches/CVE-2016-10002.patch: properly handle combination of If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc, src/client_side_reply.cc, src/client_side_reply.h. - CVE-2016-10002 * SECURITY UPDATE: incorrect HTTP Request header comparison - debian/patches/CVE-2016-10003.patch: don't share private responses with collapsed client in src/client_side_reply.cc. - CVE-2016-10003 -- Marc Deslauriers <email address hidden> Fri, 03 Feb 2017 13:07:31 -0500
squid3 (3.3.8-1ubuntu6.8) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc. - CVE-2016-3947 * SECURITY UPDATE: denial of service and possible code execution via seeding manager reporter with crafted data - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal content generation in tools/cachemgr.cc, src/tests/Stub.list, src/tests/stub_cbdata.cc, src/tests/stub_mem.cc, tools/Makefile.am. - CVE-2016-4051 * SECURITY UPDATE: denial of service or arbitrary code execution via crafted ESI responses - debian/patches/CVE-2016-4052.patch: perform bounds checking and remove asserts in src/esi/Esi.cc. - CVE-2016-4052 - CVE-2016-4053 - CVE-2016-4054 * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an absolute-URI - debian/patches/CVE-2016-4553.patch: properly handle condition in src/client_side.cc - CVE-2016-4553 * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via crafted HTTP host header - debian/patches/CVE-2016-4554.patch: properly handle whitespace in src/mime_header.cc. - CVE-2016-4554 * SECURITY UPDATE: denial of service via ESI responses - debian/patches/CVE-2016-4555.patch: fix segfaults in src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc. - CVE-2016-4555 - CVE-2016-4556 * debian/rules: include autoreconf.mk. * debian/control: add dh-autoreconf to BuildDepends. * debian/patches/02-makefile-defaults.patch: also patch src/Makefile.am. * WARNING: This package does _not_ contain the changes from (3.3.8-1ubuntu6.7) in trusty-proposed. -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2016 08:07:57 -0400
squid3 (3.1.19-1ubuntu3.12.04.7) precise-security; urgency=medium * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc. - CVE-2016-3947 * SECURITY UPDATE: denial of service and possible code execution via seeding manager reporter with crafted data - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal content generation in tools/cachemgr.cc, src/tests/stub_mem.cc, tools/Makefile.am, src/tests/STUB.h, src/squid.h. - CVE-2016-4051 * SECURITY UPDATE: denial of service or arbitrary code execution via crafted ESI responses - debian/patches/CVE-2016-4052.patch: perform bounds checking and remove asserts in src/esi/Esi.cc. - CVE-2016-4052 - CVE-2016-4053 - CVE-2016-4054 * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an absolute-URI - debian/patches/CVE-2016-4553.patch: properly handle condition in src/client_side.cc - CVE-2016-4553 * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via crafted HTTP host header - debian/patches/CVE-2016-4554.patch: properly handle whitespace in src/mime_header.cc. - CVE-2016-4554 * SECURITY UPDATE: denial of service via ESI responses - debian/patches/CVE-2016-4555.patch: fix segfaults in src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc. - CVE-2016-4555 - CVE-2016-4556 * debian/rules: include autoreconf.mk. * debian/control: add dh-autoreconf to BuildDepends. * debian/patches/02-makefile-defaults.patch: also patch src/Makefile.am. -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2016 07:50:10 -0400
squid3 (3.3.8-1ubuntu16.3) wily-security; urgency=medium * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc. - CVE-2016-3947 * SECURITY UPDATE: denial of service and possible code execution via seeding manager reporter with crafted data - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal content generation in tools/cachemgr.cc, added tests to src/tests/Stub.list, src/tests/stub_cbdata.cc, src/tests/stub_mem.cc, tools/Makefile.am. - CVE-2016-4051 * SECURITY UPDATE: denial of service or arbitrary code execution via crafted ESI responses - debian/patches/CVE-2016-4052.patch: perform bounds checking and remove asserts in src/esi/Esi.cc. - CVE-2016-4052 - CVE-2016-4053 - CVE-2016-4054 * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an absolute-URI - debian/patches/CVE-2016-4553.patch: properly handle condition in src/client_side.cc - CVE-2016-4553 * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via crafted HTTP host header - debian/patches/CVE-2016-4554.patch: properly handle whitespace in src/mime_header.cc. - CVE-2016-4554 * SECURITY UPDATE: denial of service via ESI responses - debian/patches/CVE-2016-4555.patch: fix segfaults in src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc. - CVE-2016-4555 - CVE-2016-4556 * debian/rules: include autoreconf.mk. * debian/control: add dh-autoreconf to BuildDepends. * debian/patches/02-makefile-defaults.patch: also patch src/Makefile.am. -- Marc Deslauriers <email address hidden> Tue, 07 Jun 2016 10:02:11 -0400
squid3 (3.5.12-1ubuntu7.2) xenial-security; urgency=medium * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc. - CVE-2016-3947 * SECURITY UPDATE: denial of service and possible code execution via seeding manager reporter with crafted data - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal content generation in tools/cachemgr.cc, src/tests/stub_cbdata.cc, src/tests/stub_mem.cc, tools/Makefile.am. - CVE-2016-4051 * SECURITY UPDATE: denial of service or arbitrary code execution via crafted ESI responses - debian/patches/CVE-2016-4052.patch: perform bounds checking and remove asserts in src/esi/Esi.cc. - CVE-2016-4052 - CVE-2016-4053 - CVE-2016-4054 * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an absolute-URI - debian/patches/CVE-2016-4553.patch: properly handle condition in src/client_side.cc - CVE-2016-4553 * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via crafted HTTP host header - debian/patches/CVE-2016-4554.patch: properly handle whitespace in src/mime_header.cc. - CVE-2016-4554 * SECURITY UPDATE: denial of service via ESI responses - debian/patches/CVE-2016-4555.patch: fix segfaults in src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc. - CVE-2016-4555 - CVE-2016-4556 * debian/rules: include autoreconf.mk. * debian/control: add dh-autoreconf to BuildDepends. -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2016 08:06:59 -0400
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
squid3 (3.5.12-1ubuntu8) yakkety; urgency=medium * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc. - CVE-2016-3947 * SECURITY UPDATE: denial of service and possible code execution via seeding manager reporter with crafted data - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal content generation in tools/cachemgr.cc, src/tests/stub_cbdata.cc, src/tests/stub_mem.cc, tools/Makefile.am. - CVE-2016-4051 * SECURITY UPDATE: denial of service or arbitrary code execution via crafted ESI responses - debian/patches/CVE-2016-4052.patch: perform bounds checking and remove asserts in src/esi/Esi.cc. - CVE-2016-4052 - CVE-2016-4053 - CVE-2016-4054 * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an absolute-URI - debian/patches/CVE-2016-4553.patch: properly handle condition in src/client_side.cc - CVE-2016-4553 * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via crafted HTTP host header - debian/patches/CVE-2016-4554.patch: properly handle whitespace in src/mime_header.cc. - CVE-2016-4554 * SECURITY UPDATE: denial of service via ESI responses - debian/patches/CVE-2016-4555.patch: fix segfaults in src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc. - CVE-2016-4555 - CVE-2016-4556 * debian/rules: include autoreconf.mk. * debian/control: add dh-autoreconf to BuildDepends. -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2016 08:05:32 -0400
Superseded in xenial-updates |
Superseded in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
Deleted in xenial-proposed (Reason: moved to -updates) |
squid3 (3.5.12-1ubuntu7.1) xenial; urgency=medium * Add Breaks on older ufw to fix upgrade path (LP: #1571174). -- Robie Basak <email address hidden> Thu, 12 May 2016 11:03:06 +0000
Available diffs
- diff from 3.5.12-1ubuntu7 to 3.5.12-1ubuntu7.1 (700 bytes)
Deleted in trusty-proposed (Reason: moved to -updates) |
squid3 (3.3.8-1ubuntu6.7) trusty; urgency=medium [ Stanislav German-Evtushenko ] * debian/squid3.upstart: - Don't daemonize squid3 when it's setting up directories (LP: #1405351) -- Michael Terry <email address hidden> Thu, 14 Apr 2016 12:04:53 -0400
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
squid3 (3.5.12-1ubuntu7) xenial; urgency=medium * Update apparmor profile to be correct for maas-proxy. -- LaMont Jones <email address hidden> Tue, 12 Apr 2016 13:05:00 -0600
Available diffs
- diff from 3.5.12-1ubuntu6 to 3.5.12-1ubuntu7 (503 bytes)
squid3 (3.5.12-1ubuntu6) xenial; urgency=medium * Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade. * Update apparmor profile for s/squid3/squid/ and /dev/shm access. -- Adam Conrad <email address hidden> Sun, 03 Apr 2016 21:34:50 -0600
Available diffs
- diff from 3.3.8-1ubuntu17 to 3.5.12-1ubuntu6 (3.9 MiB)
- diff from 3.5.12-1ubuntu5 to 3.5.12-1ubuntu6 (899 bytes)
Superseded in xenial-proposed |
squid3 (3.5.12-1ubuntu5) xenial; urgency=medium * Use versioned Breaks/Replaces instead of an unversioned Conflicts, to further clean up the upgrade ordering. -- Steve Langasek <email address hidden> Fri, 01 Apr 2016 21:05:38 +0000
Available diffs
- diff from 3.5.12-1ubuntu4 to 3.5.12-1ubuntu5 (714 bytes)
Superseded in xenial-proposed |
squid3 (3.5.12-1ubuntu4) xenial; urgency=medium * Remove redundant version-guarded restart code from squid postinst, which doesn't do the right thing on Ubuntu upgrades. * Remove duplicated conffile handling from the squid3 dummy package with extreme prejudice. The conffile moving absolutely *must* be done exclusively in the squid package; trying to do it in the squid3 package causes pristine conffiles to be silently overwritten with any locally-modified version from the squid3 package, with hilarious effect. * Adjust squid.{pre,post}inst to trick dpkg-maintscript-helper into believing we had a previously installed version of this package even if we did not, which appears to be a requirement for mv_conffile to DTRT. This is certainly a dpkg bug that needs to be filed. * Move all Ubuntu-specific dpkg-maintscript-helper delta into debian/squid.maintscript for clarity/sanity. Among other things, this uncovers a bug where we're trying to call both mv_conffile and rm_conffile for /etc/init.d/squid3. * debian/squid3.{pre,post}inst: drop wrong short-circuiting of various invocations; we always want to call the debhelper block. * debian/squid3.postinst: don't try to stop squid3 again, this is redundant. * debian/squid3.postrm: don't rm -f conffiles in purge when dpkg already handles these. * Add missing pre-depends on adduser * Anchor the Conflicts/Replaces to the version of the package that introduced the name change in Ubuntu, to avoid upgrade ordering problems later. * Include upgrade migration handling for /var/spool/squid3 -> /var/spool/squid. This won't work if /var/spool/squid3 is a mount point, so fail gracefully, but leaving two full squid cache directories around after upgrade is a nuisance. * Remove empty /etc/squid3 dir on upgrade. * Clean up apparmor links for usr.sbin.squid3 on upgrade. We don't migrate these apparmor settings over, so at least don't leave stale links behind. -- Steve Langasek <email address hidden> Thu, 31 Mar 2016 19:01:47 -0700
Superseded in xenial-proposed |
squid3 (3.5.12-1ubuntu3) xenial; urgency=medium * Revert last postinst change as it's buggy. * Remove /etc/init.d/squid3 from preinst on upgrade. -- Stéphane Graber <email address hidden> Tue, 29 Mar 2016 22:46:16 -0400
Available diffs
- diff from 3.5.12-1ubuntu2 to 3.5.12-1ubuntu3 (925 bytes)
Superseded in xenial-proposed |
squid3 (3.5.12-1ubuntu2) xenial; urgency=medium * debian/squid.postinst: Fix dist-upgrade of squid by detecting service name (/etc/init.d/squid vs. squid3).
Available diffs
- diff from 3.5.12-1ubuntu1 to 3.5.12-1ubuntu2 (617 bytes)
squid3 (3.3.8-1ubuntu16.2) wily-security; urgency=medium [ Scott Moser ] * debian/patches/increase-default-forward-max-tries.patch: change the default setting of 'forward_max_tries' from 10 to 25. (LP: #1547640) [ Marc Deslauriers ] * SECURITY UPDATE: denial of service via crafted UDP SNMP request - debian/patches/CVE-2014-6270.patch: fix off-by-one in src/snmp_core.cc. - CVE-2014-6270 * SECURITY UPDATE: error handling vulnerability - debian/patches/CVE-2016-2571.patch: better handling of huge response headers in src/http.cc. - CVE-2016-2571 * Fix security issues that only apply when package is rebuilt with the enable-ssl flag, which is not the case in the Ubuntu archive. - debian/patches/CVE-2014-0128.patch: denial of service via a crafted range request. - debian/patches/CVE-2015-3455.patch: incorrect X509 server certificate domain matching. -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 14:59:48 -0500
squid3 (3.3.8-1ubuntu6.6) trusty-security; urgency=medium [ Scott Moser ] * debian/patches/increase-default-forward-max-tries.patch: change the default setting of 'forward_max_tries' from 10 to 25. (LP: #1547640) [ Marc Deslauriers ] * SECURITY UPDATE: denial of service via crafted UDP SNMP request - debian/patches/CVE-2014-6270.patch: fix off-by-one in src/snmp_core.cc. - CVE-2014-6270 * SECURITY UPDATE: error handling vulnerability - debian/patches/CVE-2016-2571.patch: better handling of huge response headers in src/http.cc. - CVE-2016-2571 * Fix security issues that only apply when package is rebuilt with the enable-ssl flag, which is not the case in the Ubuntu archive. - debian/patches/CVE-2014-0128.patch: denial of service via a crafted range request. - debian/patches/CVE-2015-3455.patch: incorrect X509 server certificate domain matching. -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 14:58:52 -0500
squid3 (3.1.19-1ubuntu3.12.04.6) precise-security; urgency=medium * SECURITY UPDATE: denial of service via crafted UDP SNMP request - debian/patches/CVE-2014-6270.patch: fix off-by-one in src/snmp_core.cc. - CVE-2014-6270 * SECURITY UPDATE: error handling vulnerability - debian/patches/CVE-2016-2571.patch: better handling of huge response headers in src/http.cc. - CVE-2016-2571 * Fix security issue that only applies when package is rebuilt with the enable-ssl flag, which is not the case in the Ubuntu archive. - debian/patches/CVE-2014-0128.patch: denial of service via a crafted range request. * debian/patches/increase-default-forward-max-tries.patch: change the default setting of 'forward_max_tries' from 10 to 25. (LP: #1547640) -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 14:57:14 -0500
Superseded in xenial-proposed |
squid3 (3.5.12-1ubuntu1) xenial; urgency=medium * Merge from Debian (LP: #1473691). Remaining changes: - Add dep8 tests. - Use snakeoil certificates. - Run sarg-reports if present before rotating logs - debian/patches/90-cf.data.ubuntu.dpatch: add an example refresh pattern for debs. - Add disabled by default AppArmor profile. Versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure we have the apparmor-profile-load script at boot time. * Drop changes: - No longer needed: + Upstart job. + Dependency package for squid -> squid3: deprecated; the transitional package now runs the other way. + Fix perl & pod2man config.tests. + fix-logical-not-parentheses-warning.patch. + fix-pod2name-pipe-failure.patch. + --disable-strict-error-checking to fix FTBFS. - NEWS.Debian: no longer relevant. - Hardening options: deprecated. - Add patch to show distribution: fixed in Debian (but see lsb-release B-D). - Enable parallel build: makes no difference to build time. - Force -O2 to work around build failure with -O3: presumed no longer needed. - Fixed upstream: + CVE-2014-3609.patch: confirmed fixed since 3.4.7 from upstream advisory. + Fix various ICMP handling issues in Squid pinger: confirmed fixed since 3.4.7 from upstream advisory. + fix-caching-vary-header.patch. + netfilter_fix.patch. * Drop Testsuite: header from dep8 tests: no longer required since dpkg-source >= 1.17.11 does it. * Revert "Set pidfile for systemd's sysv-generator" from Debian. systemd races the squid daemon for pidfile creation, causing systemd to consider the service start to have failed. Work around for now by not telling systemd to use the pidfile. * Add lsb-release build dep. This is required for the --enable-build-info line in debian/rules to work correctly. * Correctly rename conffiles migrated by Debian from squid3 to squid. * Remove conffile for old upstart job Ubuntu delta. * Rename Apparmor profile conffile. * Drop old transitional Apparmor code no longer required.
* Adjust AppArmor profile for squid3->squid rename. * Drop versioned AppArmor dependency (transitional; no longer required).
squid3 (3.3.8-1ubuntu17) xenial; urgency=medium * --disable-strict-error-checking to fix FTBFS due to auto_ptr defined in unique pointer headers. (LP: #1521234). -- Dimitri John Ledkov <email address hidden> Mon, 30 Nov 2015 15:32:14 +0000
Available diffs
- diff from 3.3.8-1ubuntu16 to 3.3.8-1ubuntu17 (565 bytes)
squid3 (3.3.8-1ubuntu6.4) trusty-proposed; urgency=low * d/squid3.upstart: Use SIGINT to terminate squid and wait at most 40 seconds for it to finish. (LP: #1073478) -- Tiago Stürmer Daitx <email address hidden> Wed, 14 Oct 2015 02:54:20 +0000
Available diffs
- diff from 3.3.8-1ubuntu6.3 to 3.3.8-1ubuntu6.4 (543 bytes)
squid3 (3.1.19-1ubuntu3.12.04.4) precise-proposed; urgency=low * d/squid3.upstart: Use SIGINT to terminate squid and wait at most 40 seconds for it to finish. (LP: #1073478) -- Tiago Stürmer Daitx <email address hidden> Wed, 14 Oct 2015 02:54:20 +0000
Superseded in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
squid3 (3.3.8-1ubuntu16) wily; urgency=medium [ Tiago Stürmer Daitx ] * d/patches/fix-logical-not-parentheses-warning.patch: Fix warning for logical-not-parentheses which caused squid to FTBFS. (LP: #1496924) * d/patches/netfilter_fix.patch: Backported from Squid Bug #4323. (LP: #1496223) * d/patches/fix-pod2name-pipe-failure.patch: Add --name parameter to pod2man (LP: #1501566) * roll back build-dependency to libecap2-dev, this version of squid3 is not compatible with libecap3 and libecap3 transition has been rolled back for wily. -- Steve Langasek <email address hidden> Fri, 09 Oct 2015 00:29:47 +0000
Superseded in wily-proposed |
squid3 (3.3.8-1ubuntu15) wily; urgency=medium * Build-depend on libecap3-dev instead of libecap2-dev. -- Matthias Klose <email address hidden> Wed, 02 Sep 2015 12:16:29 +0200
Available diffs
- diff from 3.3.8-1 (in Debian) to 3.3.8-1ubuntu15 (37.0 KiB)
- diff from 3.3.8-1ubuntu14 to 3.3.8-1ubuntu15 (677 bytes)
squid3 (3.3.8-1ubuntu6.3) trusty-proposed; urgency=low * d/patches/fix-caching-vary-header.patch: Added upstream patch for the bug which prevented squid from caching responses with Vary header. (LP: #1336742) Based on work by Oleg Strikov. -- Rolf Leggewie <email address hidden> Wed, 01 Jul 2015 15:25:59 -0700
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
squid3 (3.3.8-1ubuntu14) vivid; urgency=medium * Add versioned dependency on init-system-helpers (>> 1.22ubuntu5) to ensure we have the apparmor-profile-load script at boot time. (LP: #1432683) -- Serge Hallyn <email address hidden> Thu, 02 Apr 2015 11:12:27 -0500
Available diffs
- diff from 3.3.8-1ubuntu13 to 3.3.8-1ubuntu14 (750 bytes)
squid3 (3.3.8-1ubuntu13) vivid; urgency=medium * d/squid3.prerm: Removed redundant upstart-only code. Equivalent operations are carried out by debhelper-generated code in a more generic manner. (LP: #1424508) -- Oleg Strikov <email address hidden> Thu, 05 Mar 2015 14:24:33 +0300
Available diffs
- diff from 3.3.8-1ubuntu12 to 3.3.8-1ubuntu13 (669 bytes)
squid3 (3.3.8-1ubuntu12) vivid; urgency=medium * debian/tests/testlib_httpd.py: Use "service" command instead of upstart specific ones, and simplify the logic. * debian/tests/testlib.py, check_exe(): Check /proc/pid/exe symlink instead of parsing cmdline; the latter has "(squid-1)" with the init.d script, and it's not really what we are interested in. -- Martin Pitt <email address hidden> Fri, 06 Mar 2015 12:10:59 +0100
Superseded in vivid-proposed |
squid3 (3.3.8-1ubuntu11) vivid; urgency=medium * d/patches/fix-caching-vary-header.patch: Added upstream patch for the bug which prevented squid from caching responses with Vary header. (LP: #1336742) -- Oleg Strikov <email address hidden> Wed, 04 Mar 2015 15:08:54 +0300
squid3 (3.3.8-1ubuntu10) vivid; urgency=medium [Jacek Nykis] * d/usr.sbin.squid3: Apparmor profile has been changed to allow child processes to run execvp(argv[0], [kidname, ...]). (LP: #1416039) -- Oleg Strikov <email address hidden> Tue, 03 Mar 2015 18:18:20 +0300
Available diffs
- diff from 3.3.8-1ubuntu9 to 3.3.8-1ubuntu10 (539 bytes)
squid3 (3.3.8-1ubuntu8.1) utopic-security; urgency=medium * SECURITY UPDATE: Fix various ICMP handling issues in Squid pinger. (LP: #1384943) - CVE-2014-7141 - CVE-2014-7142 -- Jorge Niedbalski <email address hidden> Tue, 18 Nov 2014 14:47:33 -0300
squid3 (3.3.8-1ubuntu6.2) trusty-security; urgency=medium * SECURITY UPDATE: Fix various ICMP handling issues in Squid pinger. (LP: #1384943) - CVE-2014-7141 - CVE-2014-7142 -- Jorge Niedbalski <email address hidden> Tue, 18 Nov 2014 15:03:54 -0300
squid3 (3.3.8-1ubuntu9) vivid; urgency=medium * Fix various ICMP handling issues in Squid pinger. (LP: #1384943) -- Jorge Niedbalski <email address hidden> Tue, 18 Nov 2014 14:47:33 -0300
Superseded in vivid-release |
Obsolete in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
squid3 (3.3.8-1ubuntu8) utopic; urgency=medium * SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range values - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to return an error if unable to determine the byte value for ranges - CVE-2014-3609 -- Jamie Strandboge <email address hidden> Tue, 26 Aug 2014 13:51:07 -0500
squid3 (3.1.19-1ubuntu3.12.04.3) precise-security; urgency=medium * SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range values - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to return an error if unable to determine the byte value for ranges - CVE-2014-3609 -- Jamie Strandboge <email address hidden> Tue, 26 Aug 2014 13:55:57 -0500
squid3 (3.3.8-1ubuntu6.1) trusty-security; urgency=medium * SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range values - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to return an error if unable to determine the byte value for ranges - CVE-2014-3609 -- Jamie Strandboge <email address hidden> Tue, 26 Aug 2014 13:54:02 -0500