Format: 1.8 Date: Wed, 08 Jun 2016 08:07:57 -0400 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge squid Architecture: arm64 Version: 3.3.8-1ubuntu6.8 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: squid - dependency package from squid to squid3 squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Changes: squid3 (3.3.8-1ubuntu6.8) trusty-security; urgency=medium . * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc. - CVE-2016-3947 * SECURITY UPDATE: denial of service and possible code execution via seeding manager reporter with crafted data - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal content generation in tools/cachemgr.cc, src/tests/Stub.list, src/tests/stub_cbdata.cc, src/tests/stub_mem.cc, tools/Makefile.am. - CVE-2016-4051 * SECURITY UPDATE: denial of service or arbitrary code execution via crafted ESI responses - debian/patches/CVE-2016-4052.patch: perform bounds checking and remove asserts in src/esi/Esi.cc. - CVE-2016-4052 - CVE-2016-4053 - CVE-2016-4054 * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an absolute-URI - debian/patches/CVE-2016-4553.patch: properly handle condition in src/client_side.cc - CVE-2016-4553 * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via crafted HTTP host header - debian/patches/CVE-2016-4554.patch: properly handle whitespace in src/mime_header.cc. - CVE-2016-4554 * SECURITY UPDATE: denial of service via ESI responses - debian/patches/CVE-2016-4555.patch: fix segfaults in src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc. - CVE-2016-4555 - CVE-2016-4556 * debian/rules: include autoreconf.mk. * debian/control: add dh-autoreconf to BuildDepends. * debian/patches/02-makefile-defaults.patch: also patch src/Makefile.am. * WARNING: This package does _not_ contain the changes from (3.3.8-1ubuntu6.7) in trusty-proposed. Checksums-Sha1: 552939d687ffaee25581825b9bc19ca8bfcb83f1 1602392 squid3_3.3.8-1ubuntu6.8_arm64.deb 327517e92e5edd962aac407f1d07b632048c5436 934 squid3-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 072aa9b80da1dc20870f1cafbf07afd5222a30d5 8710428 squid3-dbg_3.3.8-1ubuntu6.8_arm64.deb d4a8559a140b5a9135014dd33706d51489f82772 29602 squidclient_3.3.8-1ubuntu6.8_arm64.deb 92998252b4c1238336dbd474ccf32ce30ababa2d 998 squidclient-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 4020b3eca896b046a178223d7b1b7b068423ecd6 34116 squid-cgi_3.3.8-1ubuntu6.8_arm64.deb 17f0316db27eb5ae5b9e70cdcf4138216e794aba 1012 squid-cgi-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 82de9d12dceb3b23b2b8eaa2f5d8d5a394715d9b 23672 squid-purge_3.3.8-1ubuntu6.8_arm64.deb 18a98966dbdb51d8879793c95029ab49ea3d12e0 1000 squid-purge-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 0c2f9d05a291fb2aaa471455b8f6f018424526a5 5960 squid_3.3.8-1ubuntu6.8_arm64.deb d4eca228ba969399ccd23ebd653ad22e47cf115a 810 squid-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb Checksums-Sha256: 998b5e27a2b48047805f68419cff2fd323a2bc18a806189eba68efa8cdfea476 1602392 squid3_3.3.8-1ubuntu6.8_arm64.deb 5de08afcf33449359655e6ca34a1695634769ab26c2db641abf8c0f3e4d4110e 934 squid3-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 59bf31acda029164a15ecfad71e1ac5692e5bccc6943af7abfc7ada4acbd70a0 8710428 squid3-dbg_3.3.8-1ubuntu6.8_arm64.deb ecb2b855de7feaac6f4c10b763c0e4d95a4b3a6276b552269e67b0b18f15dc15 29602 squidclient_3.3.8-1ubuntu6.8_arm64.deb 82192fd91346ad564617982f9b1aed13d3f1b96c67fecc8d080230144a21085a 998 squidclient-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb ede9024acd16ab67e38603f29abec099c69159ba93ddec900493e4568f5b1e1d 34116 squid-cgi_3.3.8-1ubuntu6.8_arm64.deb 555f78e689bd54a0ef7c6f6924aabf71004e7150a9bc7c44242fa8ef2dbb885e 1012 squid-cgi-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 89bfd25073949a7569f46576758fee0e923730c4d1e9333214489f5f36266058 23672 squid-purge_3.3.8-1ubuntu6.8_arm64.deb 73ce642b7cc269ee72dcefc5a90771928e4ee45ae66e192b38b937cefa2271c0 1000 squid-purge-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb e1b0f29cafcef3447c34815827ecb08a0417f4d2adeb93ad3386a834a608de9f 5960 squid_3.3.8-1ubuntu6.8_arm64.deb aa1ca7ac349a0985b734eb73b0edb7adf37027c9dda56ba8e0c7f9c9f50c782a 810 squid-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb Files: 764a0b4bbce0b832583adbad8b183d9a 1602392 web optional squid3_3.3.8-1ubuntu6.8_arm64.deb d81f0f12557c3fa3b86cfc7e2d62fb87 934 web extra squid3-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb b7104712caf6ec1e9928279eb84c52f0 8710428 debug extra squid3-dbg_3.3.8-1ubuntu6.8_arm64.deb 9e4c7dcec6a8228a8508c01300899676 29602 web optional squidclient_3.3.8-1ubuntu6.8_arm64.deb 3515ca6155bfa8b79fa632504ae528b1 998 web extra squidclient-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 2018c74ead71e66c683e15b6ac8dfd69 34116 web optional squid-cgi_3.3.8-1ubuntu6.8_arm64.deb 54690d60830101e64091eff0e09cd931 1012 web extra squid-cgi-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 4c40803a480f195d94b0a9da10d0b1c0 23672 web optional squid-purge_3.3.8-1ubuntu6.8_arm64.deb 05092a167d71820fcb712bd106e3dde6 1000 web extra squid-purge-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb 103674b910aee2093b1b5fa23bb0c70c 5960 web optional squid_3.3.8-1ubuntu6.8_arm64.deb ba477fac015307c5dc4ac09573d243d4 810 web extra squid-dbgsym_3.3.8-1ubuntu6.8_arm64.ddeb Original-Maintainer: Luigi Gangitano