Format: 1.8
Date: Wed, 08 Jun 2016 08:06:59 -0400
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: ppc64el
Version: 3.5.12-1ubuntu7.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos01-ppc64el-026.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Dummy transitional package.
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Changes:
 squid3 (3.5.12-1ubuntu7.2) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet
     - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc.
     - CVE-2016-3947
   * SECURITY UPDATE: denial of service and possible code execution via
     seeding manager reporter with crafted data
     - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal
       content generation in tools/cachemgr.cc, src/tests/stub_cbdata.cc,
       src/tests/stub_mem.cc, tools/Makefile.am.
     - CVE-2016-4051
   * SECURITY UPDATE: denial of service or arbitrary code execution via
     crafted ESI responses
     - debian/patches/CVE-2016-4052.patch: perform bounds checking and
       remove asserts in src/esi/Esi.cc.
     - CVE-2016-4052
     - CVE-2016-4053
     - CVE-2016-4054
   * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an
     absolute-URI
     - debian/patches/CVE-2016-4553.patch: properly handle condition in
       src/client_side.cc
     - CVE-2016-4553
   * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via
     crafted HTTP host header
     - debian/patches/CVE-2016-4554.patch: properly handle whitespace in
       src/mime_header.cc.
     - CVE-2016-4554
   * SECURITY UPDATE: denial of service via ESI responses
     - debian/patches/CVE-2016-4555.patch: fix segfaults in
       src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc.
     - CVE-2016-4555
     - CVE-2016-4556
   * debian/rules: include autoreconf.mk.
   * debian/control: add dh-autoreconf to BuildDepends.
Checksums-Sha1:
 0ada705f9222dacb1118ad4de059e7d026e513cd 115472 squid-cgi-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 75ee08b248871cd1ed744377c6291b4edab3af46 62436 squid-cgi_3.5.12-1ubuntu7.2_ppc64el.deb
 a31921f805d2054e4d5a2f66bddc069a573fee30 11820552 squid-dbg_3.5.12-1ubuntu7.2_ppc64el.deb
 28c801c9331ba1be661988001394597187c235e9 11578372 squid-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 03173aee8519a0d5fb68412a0fb21a141c18f15d 74582 squid-purge-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 7be58155ba35618a307435bc3e549f1a54099061 53390 squid-purge_3.5.12-1ubuntu7.2_ppc64el.deb
 c0bc455786a8da5d52d34315591a0f3c4e2368ed 2170366 squid_3.5.12-1ubuntu7.2_ppc64el.deb
 a02185b31c5754d19b65598ddc4568004b008dea 145382 squidclient-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 daf9d60ddb565db2defe847464da9a2a39670346 63378 squidclient_3.5.12-1ubuntu7.2_ppc64el.deb
Checksums-Sha256:
 e9e6b723df4457e463f5715cd040dea53789f42f30826eda355134c97d93afab 115472 squid-cgi-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 14e59e2a5b84df92a54a5edc3ad171ce8aea408eaedd2dd1918e50874f86a460 62436 squid-cgi_3.5.12-1ubuntu7.2_ppc64el.deb
 a87708293ec7301d1e0a7bc5737dfcf9053249a09e7179442b510d1c25f2e8a6 11820552 squid-dbg_3.5.12-1ubuntu7.2_ppc64el.deb
 109c9df54edccb1cac1b332fcddfac2fefa8d25078bb0ebe146fea65554756ad 11578372 squid-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 b3d97c32a24463dd32aad1308cd07732282c2416aab6d2109d80820d4fb5fe0b 74582 squid-purge-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 c1c968424296a058abafb6df2a3c912c3d1d442e90f4a81a5584230ba5e30d6b 53390 squid-purge_3.5.12-1ubuntu7.2_ppc64el.deb
 04219445e20281b0f535161be4049994796d71563c80b441909e73b890608384 2170366 squid_3.5.12-1ubuntu7.2_ppc64el.deb
 f62c5eef69c5f59bc71df655471171697d4a6a697ea7373496ba79878238d40e 145382 squidclient-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 a9838aa2a2564fee92cb68c21099d4e58203980b7b859c1f7607ae38002fb127 63378 squidclient_3.5.12-1ubuntu7.2_ppc64el.deb
Files:
 ea05aead88ad926acf817d1dae9220ff 115472 web extra squid-cgi-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 8183ca51aafe6bc6b0f691175ff97230 62436 web optional squid-cgi_3.5.12-1ubuntu7.2_ppc64el.deb
 f64e458569875e94df8167820ce14612 11820552 debug extra squid-dbg_3.5.12-1ubuntu7.2_ppc64el.deb
 0d2291f25cb7c20097efa66465bdf5bf 11578372 web extra squid-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 d9da9282c3b7ce513899f6104111a1a4 74582 web extra squid-purge-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 d0d5fefb934d544dcfca8bbdff90d934 53390 web optional squid-purge_3.5.12-1ubuntu7.2_ppc64el.deb
 471148aca6dccb29e1714f0715a15fec 2170366 web optional squid_3.5.12-1ubuntu7.2_ppc64el.deb
 75ab37ca507026759093152d17f6ac15 145382 web extra squidclient-dbgsym_3.5.12-1ubuntu7.2_ppc64el.ddeb
 f82df13f636d577a967de57475e1c3a0 63378 web optional squidclient_3.5.12-1ubuntu7.2_ppc64el.deb
Original-Maintainer: Luigi Gangitano <luigi@debian.org>