[ubuntu/noble-proposed] squid 6.1-2ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Nov 21 16:23:16 UTC 2023
squid (6.1-2ubuntu2) noble; urgency=medium

  * SECURITY UPDATE: DoS against certificate validation
    - debian/patches/CVE-2023-46724.patch: fix validation of certificates
      with CN=* in src/anyp/Uri.cc.
    - CVE-2023-46724
  * SECURITY UPDATE: HTTP request smuggling, caused by chunked decoder
    lenience
    - debian/patches/CVE-2023-46846.patch: improve HTTP chunked encoding
      compliance in src/http/one/Parser.cc, src/http/one/Parser.h,
      src/http/one/TeChunkedParser.cc, src/parser/Tokenizer.cc,
      src/parser/Tokenizer.h.
    - CVE-2023-46846
  * SECURITY UPDATE: DoS via HTTP Digest Authentication
    - debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when
      parsing Digest Authorization in src/auth/digest/Config.cc.
    - CVE-2023-46847
  * SECURITY UPDATE: DoS via ftp:// URLs
    - debian/patches/CVE-2023-46848.patch: fix userinfo percent-encoding in
      src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc,
      src/anyp/Uri.cc.
    - CVE-2023-46848

Date: Mon, 13 Nov 2023 08:41:30 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squid/6.1-2ubuntu2
Format: 1.8
Date: Mon, 13 Nov 2023 08:41:30 -0500
Source: squid
Built-For-Profiles: noudeb
Architecture: source
Version: 6.1-2ubuntu2
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Checksums-Sha1:
e46b5c36d1d19fc20c395fcd104485d732102791 3026 squid_6.1-2ubuntu2.dsc
9b8523b43d0ca6f8546ccd62760fa01e9fdbe3cb 55052 squid_6.1-2ubuntu2.debian.tar.xz
558d1abb3a0f16de251861bbab9a4f0102ca9c56 8101 squid_6.1-2ubuntu2_source.buildinfo
Checksums-Sha256:
d052e5156d9b343e271ae7cb5a3e483355440971d4bec39748ddffe4a9d08d35 3026 squid_6.1-2ubuntu2.dsc
92b2bf21dd1552980ef96636c2e73020f5d590588a088f9856b9c2fcf1d02532 55052 squid_6.1-2ubuntu2.debian.tar.xz
ccdaf4f0000799f04276c7d1bb651270cb12c8cb05d4e46b749462be8007f963 8101 squid_6.1-2ubuntu2_source.buildinfo
Files:
dec2ca0b3dc6fca225a5212c3759a5de 3026 web optional squid_6.1-2ubuntu2.dsc
17b46bda186aede46b8f3c909052f495 55052 web optional squid_6.1-2ubuntu2.debian.tar.xz
e5f4d50112e6b172711fca052d16909b 8101 web optional squid_6.1-2ubuntu2_source.buildinfo
Original-Maintainer: Luigi Gangitano <luigi at debian.org>