Format: 1.8 Date: Wed, 08 Jun 2016 08:07:57 -0400 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge squid Architecture: ppc64el Version: 3.3.8-1ubuntu6.8 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: squid - dependency package from squid to squid3 squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Changes: squid3 (3.3.8-1ubuntu6.8) trusty-security; urgency=medium . * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc. - CVE-2016-3947 * SECURITY UPDATE: denial of service and possible code execution via seeding manager reporter with crafted data - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal content generation in tools/cachemgr.cc, src/tests/Stub.list, src/tests/stub_cbdata.cc, src/tests/stub_mem.cc, tools/Makefile.am. - CVE-2016-4051 * SECURITY UPDATE: denial of service or arbitrary code execution via crafted ESI responses - debian/patches/CVE-2016-4052.patch: perform bounds checking and remove asserts in src/esi/Esi.cc. - CVE-2016-4052 - CVE-2016-4053 - CVE-2016-4054 * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an absolute-URI - debian/patches/CVE-2016-4553.patch: properly handle condition in src/client_side.cc - CVE-2016-4553 * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via crafted HTTP host header - debian/patches/CVE-2016-4554.patch: properly handle whitespace in src/mime_header.cc. - CVE-2016-4554 * SECURITY UPDATE: denial of service via ESI responses - debian/patches/CVE-2016-4555.patch: fix segfaults in src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc. - CVE-2016-4555 - CVE-2016-4556 * debian/rules: include autoreconf.mk. * debian/control: add dh-autoreconf to BuildDepends. * debian/patches/02-makefile-defaults.patch: also patch src/Makefile.am. * WARNING: This package does _not_ contain the changes from (3.3.8-1ubuntu6.7) in trusty-proposed. Checksums-Sha1: 56412634491551e0c14a6ccf68c379f680bc9fc1 1672724 squid3_3.3.8-1ubuntu6.8_ppc64el.deb 598b5cc7546577a3569d5bc039e38fc54475cfaa 936 squid3-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb 47ae9d6605af9f70e8ef18b109d7ba168e1a8632 8639110 squid3-dbg_3.3.8-1ubuntu6.8_ppc64el.deb 88440e7a45f0432563d32203eb3704f70d3db6a9 31272 squidclient_3.3.8-1ubuntu6.8_ppc64el.deb c93e15b7cd008e3afa0575b8c996f09f283c7e7d 998 squidclient-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb 6a2d37117033b2eb9233c1ad402bcd255b266945 36596 squid-cgi_3.3.8-1ubuntu6.8_ppc64el.deb b78b6b71ff461c48b569d15a1eb75c45558b54e6 1016 squid-cgi-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb d844d775762f54208325efb845f79fcef6df8ea7 24986 squid-purge_3.3.8-1ubuntu6.8_ppc64el.deb 95b287728ecbee436e441143553f59804b1796be 1000 squid-purge-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb 9981166dd154492583a39ec342d2579f9b8d5e6a 5962 squid_3.3.8-1ubuntu6.8_ppc64el.deb ec63aab47f557bac60f0099a238fab91760107cf 808 squid-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb Checksums-Sha256: b99840e32b1e6dc4cc20e673d2c79c36c7ae53c21712c84eb0d97c51e68b5515 1672724 squid3_3.3.8-1ubuntu6.8_ppc64el.deb 324bf7d465339c206ba608f054552b02fbeb716f33e98eab59c437b6199ec3fa 936 squid3-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb 82b1e0155ca6c6819d673c25651d5d0bf9ff17d2459236ff445dff4c50dfb57d 8639110 squid3-dbg_3.3.8-1ubuntu6.8_ppc64el.deb 215de6544723460b74835e36ff1bef2485ba17b705b87a82a355b4c837d715ad 31272 squidclient_3.3.8-1ubuntu6.8_ppc64el.deb 4bb89de1888b2612a90b79b593103772ac68a8875537a68e8fe1aaa97a6db2d4 998 squidclient-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb 32f8ce2f7000bf2831a043109637c3eb23e3f4df44c694a7e6467b56da28625e 36596 squid-cgi_3.3.8-1ubuntu6.8_ppc64el.deb b7ae2f13e18327afcd1bb4526e5b8e7076a49e43c3b5e094e340e9de6786bccb 1016 squid-cgi-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb 483736b951f22c76842e7009da993474063d6ca955348b193a54da46bc0ef643 24986 squid-purge_3.3.8-1ubuntu6.8_ppc64el.deb c7d9729029eb8dcc27429dac26f6fb25142ff4e93a3266c2ad3ffeab27b30cfb 1000 squid-purge-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb fd0d94436cc6b254d7c2f1092158fa3b4679209eb41d45eb9ea94394148650c1 5962 squid_3.3.8-1ubuntu6.8_ppc64el.deb 6d7a53bef09e2458ef4a3d1ec5eefbdcbad7f98c7dcec04845cf59508f9ec6ec 808 squid-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb Files: 18ffe44c0608cc7f6879c9c2f1b8f7f2 1672724 web optional squid3_3.3.8-1ubuntu6.8_ppc64el.deb 4264de7c27bccb9f7720a60ab5c453b5 936 web extra squid3-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb 10513b6082edb4f1dd6ad7fc05ad843c 8639110 debug extra squid3-dbg_3.3.8-1ubuntu6.8_ppc64el.deb 12e74d5c8ea16c6e05dc1896780ef1a4 31272 web optional squidclient_3.3.8-1ubuntu6.8_ppc64el.deb f004c5281d7857bdd6059d3ce813c7b3 998 web extra squidclient-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb b6f6c66657be839d77ee1eedd8491eb7 36596 web optional squid-cgi_3.3.8-1ubuntu6.8_ppc64el.deb 432e757f3da5f5b654c19b61a66a9ad6 1016 web extra squid-cgi-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb 55d58b9b20505a445b810d82327283d0 24986 web optional squid-purge_3.3.8-1ubuntu6.8_ppc64el.deb 0a8bdef92475bf78cc811b6f251a0c30 1000 web extra squid-purge-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb a032a8936021b223498f4a9d2de7c9d3 5962 web optional squid_3.3.8-1ubuntu6.8_ppc64el.deb 9045b253ad49ae6abadc1dd6aa44faa0 808 web extra squid-dbgsym_3.3.8-1ubuntu6.8_ppc64el.ddeb Original-Maintainer: Luigi Gangitano