[ubuntu/xenial-security] squid3 3.5.12-1ubuntu7.2 (Accepted)

[Marc Deslauriers]

squid3 (3.5.12-1ubuntu7.2) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet
    - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc.
    - CVE-2016-3947
  * SECURITY UPDATE: denial of service and possible code execution via
    seeding manager reporter with crafted data
    - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal
      content generation in tools/cachemgr.cc, src/tests/stub_cbdata.cc,
      src/tests/stub_mem.cc, tools/Makefile.am.
    - CVE-2016-4051
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    crafted ESI responses
    - debian/patches/CVE-2016-4052.patch: perform bounds checking and
      remove asserts in src/esi/Esi.cc.
    - CVE-2016-4052
    - CVE-2016-4053
    - CVE-2016-4054
  * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an
    absolute-URI
    - debian/patches/CVE-2016-4553.patch: properly handle condition in
      src/client_side.cc
    - CVE-2016-4553
  * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via
    crafted HTTP host header
    - debian/patches/CVE-2016-4554.patch: properly handle whitespace in
      src/mime_header.cc.
    - CVE-2016-4554
  * SECURITY UPDATE: denial of service via ESI responses
    - debian/patches/CVE-2016-4555.patch: fix segfaults in
      src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc.
    - CVE-2016-4555
    - CVE-2016-4556
  * debian/rules: include autoreconf.mk.
  * debian/control: add dh-autoreconf to BuildDepends.

Date: 2016-06-08 13:27:22.228304+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.2
-------------- next part --------------
Sorry, changesfile not available.