[ubuntu/bionic-proposed] squid3 3.5.23-5ubuntu2 (Accepted)

[Marc Deslauriers]

squid3 (3.5.23-5ubuntu2) bionic; urgency=medium

  * SECURITY UPDATE: denial of service in ESI Response processing
    - debian/patches/CVE-2018-1000024.patch: make sure endofName never
      exceeds tagEnd in src/esi/CustomParser.cc.
    - CVE-2018-1000024
  * SECURITY UPDATE: denial of service in in HTTP Message processing
    - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
      transactions without a client connection in
      src/client_side_request.cc.
    - CVE-2018-1000027

Date: Thu, 01 Feb 2018 10:08:51 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squid3/3.5.23-5ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 Feb 2018 10:08:51 -0500
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source
Version: 3.5.23-5ubuntu2
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Transitional package
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Changes:
 squid3 (3.5.23-5ubuntu2) bionic; urgency=medium
 .
   * SECURITY UPDATE: denial of service in ESI Response processing
     - debian/patches/CVE-2018-1000024.patch: make sure endofName never
       exceeds tagEnd in src/esi/CustomParser.cc.
     - CVE-2018-1000024
   * SECURITY UPDATE: denial of service in in HTTP Message processing
     - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
       transactions without a client connection in
       src/client_side_request.cc.
     - CVE-2018-1000027
Checksums-Sha1:
 51681b72fa62e4de10c96681141af00213800868 2708 squid3_3.5.23-5ubuntu2.dsc
 7f68d593065abff32067bb012d93c0b9e68f3a31 49220 squid3_3.5.23-5ubuntu2.debian.tar.xz
 e46f1be25d44053b945d6580d336bcd2fb009ded 10055 squid3_3.5.23-5ubuntu2_source.buildinfo
Checksums-Sha256:
 086bfda044957bbddb535dd5b701b3d17f175d2cc42cd8955a05c4ee95bf29b7 2708 squid3_3.5.23-5ubuntu2.dsc
 76e27c3159069cb6afcc1860be887e6cb586985f857c8a7b1769f74442603a3a 49220 squid3_3.5.23-5ubuntu2.debian.tar.xz
 2d82b5bdaef3da6618855faa8cd507b136f7232eddb062b73c5f05f03b3b7c08 10055 squid3_3.5.23-5ubuntu2_source.buildinfo
Files:
 55251982ffd37de122c49386a8101d3d 2708 web optional squid3_3.5.23-5ubuntu2.dsc
 081584852a8b289a1bb678e10a87806b 49220 web optional squid3_3.5.23-5ubuntu2.debian.tar.xz
 2f2675fc3d97f5517dada9772afe0cb3 10055 web optional squid3_3.5.23-5ubuntu2_source.buildinfo
Original-Maintainer: Luigi Gangitano <luigi at debian.org>

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJac0VOAAoJEGVp2FWnRL6TBgIP/ieDmTE/3MdGdfK9lMeeKMc5
1JbfajK4ZYf1r4dEkr3cLUwapuT5510geHHD3aqU4loAzZx3NGUTtnUweftK/fHi
22M1Cm0bMnNW1N1gM6TLmlSkZlTzzTTXJ1+Dnn/fI04m8HVIxj4BTzTc+sf9IZfU
0oW6N8V9TZ5y4zMCYU3nssysqc22jTq0wYarH1B/hjre9UzZcOZ8L0uPEWCAq9DI
jzeqzH1LeIVHV99Y93vbm7WVP50BJbdMhmKmRFS1NoiUCURf34WDKDLgmx2wf6kG
Ppz7dEc1qo8D773JvYU59TLsZRTQwUjac7gQKZRoWbcpKenQwjbcIUrAzRQIyBzM
S1rTb61MxYR8k3lfrPY35pNPmfzqSeUkHq2X5+o0ebBy+vKmiqX72AqFtdnmeYDt
bVQCgJYxyBLPA+dTwpSYJkd19sfyduTdUpRFkXqTL0B+FQfyGWExZynTsSM+YYxP
tstyircjBf6vqoQx/uyYGn2cK1OAOwuhe6ysWW+7dL+qLE8FMluZgwpHFwD55UXi
PUFsOhq/OCw44QfSYpNZKA/u635hHREcgRYx527eF12zMWRVybVTaZFIu18Anz/B
bhrbcNndslPBu61Z13u74Ad7y2hm83oMDzGZbTB3zIQRPWzaHzw7m9NzKxY12Rmh
mYB0TNAoC+3YeLJ+l0rt
=gdac
-----END PGP SIGNATURE-----