[ubuntu/zesty-proposed] squid3 3.5.12-1ubuntu9 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Feb 3 20:35:21 UTC 2017 

squid3 (3.5.12-1ubuntu9) zesty; urgency=medium

  * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional
    - debian/patches/CVE-2016-10002.patch: properly handle combination of
      If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc,
      src/client_side_reply.cc, src/client_side_reply.h.
    - CVE-2016-10002
  * SECURITY UPDATE: incorrect HTTP Request header comparison
    - debian/patches/CVE-2016-10003.patch: don't share private responses
      with collapsed client in src/client_side_reply.cc.
    - CVE-2016-10003

Date: Fri, 03 Feb 2017 13:07:31 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu9
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Feb 2017 13:07:31 -0500
Source: squid3
Binary: squid3 squid squid-dbg squid-common squidclient squid-cgi squid-purge
Architecture: source
Version: 3.5.12-1ubuntu9
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 squid      - Full featured Web Proxy cache (HTTP proxy)
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid-dbg  - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3     - Dummy transitional package.
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Changes:
 squid3 (3.5.12-1ubuntu9) zesty; urgency=medium
 .
   * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional
     - debian/patches/CVE-2016-10002.patch: properly handle combination of
       If-Match and a Cache Hit in src/LogTags.h, src/client_side.cc,
       src/client_side_reply.cc, src/client_side_reply.h.
     - CVE-2016-10002
   * SECURITY UPDATE: incorrect HTTP Request header comparison
     - debian/patches/CVE-2016-10003.patch: don't share private responses
       with collapsed client in src/client_side_reply.cc.
     - CVE-2016-10003
Checksums-Sha1:
 b013ab7e00ac96ea45c03dda11489607e3f19f13 2603 squid3_3.5.12-1ubuntu9.dsc
 43e52d63f58de5d4b4570ec2a64501aefc38176d 51640 squid3_3.5.12-1ubuntu9.debian.tar.xz
Checksums-Sha256:
 962c5800aa79a000b70a117959f676151709614d85b1a166f89f090eabc75524 2603 squid3_3.5.12-1ubuntu9.dsc
 d31cb7efffe0e23f49021195c31cb72404f4bf7a72a775c0b2ce32cf87380bbe 51640 squid3_3.5.12-1ubuntu9.debian.tar.xz
Files:
 0d252b4b90ded3ba52b14b2f097e9ca3 2603 web optional squid3_3.5.12-1ubuntu9.dsc
 f3181de06a32245c92f6577701cc8493 51640 web optional squid3_3.5.12-1ubuntu9.debian.tar.xz
Original-Maintainer: Luigi Gangitano <luigi at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJYlNWAAAoJEGVp2FWnRL6TxkEP/2ygCgiXNfEX/XcVNClfhF3C
OXxAEZV3iRrwYt+XrVcGfbf/DCT3bS4DGWTOoIKHdcXS6Z9/Qg83GIKEqbNaKUGN
+qaLnpvKdHOKtmY+7+00wL268Kgh5YwtduZO1JSH4FZrjRYc5Pg9esNRdcK2SZaC
fiYcyyerGy6d0PD6KjH2+I7sjY2HwLIPdwIX19nYnN/5cA81c1l4BcW4acE9EWx3
S0smUk+bwDY2ZJLI4Q3w7Q9HbC3dYoy8qfaBRE5ZzFXprVMOpBmRwMVl+OM42VrG
6LSNu5PgoxikWr7uI91QNCCcJpv3kVYWlkpd2LELoXixtqbbbikejkYmQrv+cm6O
AWMoT5XvZg4/80YfAZEcUQhRT71C4sFN7ej79FmSLGfH6oiMXST/P+HTe2o44iRs
k1OU+O9Pl54lfzzZN4vy1goo90zGpPz5WlEoRk3ILD6cf74LzxQNL1/dXP4I4NYF
a5B+05kpTWvzW+dLw5EmZcjzN/5VUFV7CGwseaH2QrTTZnyd+iJozxHdT/m7qPck
/pfDP7Pwl22mjx2+85b+2DnTghEqd0Sj0sPwAmyZ1F0oQ3MwZBp/NqEm9Th8IqdO
w1qb2a8WY/kf1jzVnUjqeP82ZNB8ZuNi0HTSjUrGLIL+ZJyfss88m4bgcaBOZ6pz
U3wnejsJXZhIAky4WsfV
=P/4G
-----END PGP SIGNATURE-----

More information about the Zesty-changes mailing list