-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 24 Jul 2019 19:33:25 +0200 Source: squid Architecture: source Version: 4.6-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Luigi Gangitano <luigi@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 931478 Changes: squid (4.6-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Denial of Service issue in cachemgr.cgi (CVE-2019-12854) * Denial of Service issue in HTTP Basic Authentication processing (CVE-2019-12529) * Denial of Service issue in HTTP Digest Authentication processing (CVE-2019-12525) * Heap Overflow issue in HTTP Basic Authentication processing (CVE-2019-12527) * Multiple Cross-Site Scripting issues in cachemgr.cgi (CVE-2019-13345) (Closes: #931478) Checksums-Sha1: 0b16f6962ae96dcbcc326a38db19480369584a1b 2829 squid_4.6-1+deb10u1.dsc 57d392b177bd9fe5896b480e29356cc555b5bfc8 5174095 squid_4.6.orig.tar.gz 1657116ed5c8fc9c9d6e755e6cdfa38efca774c3 42260 squid_4.6-1+deb10u1.debian.tar.xz Checksums-Sha256: d74b78ab0944af0fcfe745407d987ad854352e28dfc1db359d423bec387ce347 2829 squid_4.6-1+deb10u1.dsc 190f5c015624f53279e5376749b08192f4023219398db3a40892d484513701c7 5174095 squid_4.6.orig.tar.gz af187125bf1f2ab6f493055a8def2e4411279782650ceecb30790be75cfd2af6 42260 squid_4.6-1+deb10u1.debian.tar.xz Files: 2bce1c2767cf3c2d312a06d075b2d877 2829 web optional squid_4.6-1+deb10u1.dsc bc5f9ddeda7e39d2f3338bc4bbce0d9b 5174095 web optional squid_4.6.orig.tar.gz ed95f136676eb6bfef194a59d8761cb9 42260 web optional squid_4.6-1+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl04tjNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E6TcP/3dCOZ6yyfKwwziXNRuJv2Sv0pa73Oym fFOimUFOnJ/cNcb4GiH4bLuYbQUhOhbIZpVrAaekIn/LieqKdBPePibI9FI60A4a IYSXRieom32kggwkDa/ASo+1ds+0pBn+fqciwlOBpzAW91th50HyK3O1B3bqBqIg 2TLuQogN2uPMK4Iq74SXWWwyVYJbo2Ung2jx4xcS7FHBd42sCIJQSBCU46v2U/6q M9FdwAODBT3ofiSFOjtkspFRMlKkK6elo1IhoO+DODsWcO2k2MuRt8rvuIUsOUky n3oXUaBUUqrDtnZFWKPBu6/HIxSQuPtaCwO0ki0bSQ9v1jEsS8HDHJSNi89Q3qiJ 0mGeQh6brpALIcsWinbOYHjuSzx1WGyZVPCNlFnprrh7KQT9ILt8qv38Gmu+uZ63 7oFCbH6EMTOqG1QtUG8siJIUHU3arAJuu0CZdwH+t05++wZExmb52iVXeej1fDzh 2KPe96TjnUf9yQKpRguxGLnV1Dk0uIE5t9Dd1hjX2nBUVQPyUqEFmGboeIwhFEmp UdxrqYTJCxF6AUDFpAmctoIx1S5THa3SKHFgHPQwD7rcsJE1x9RQmVjMPv1pkkxX XgLqe60x+IyShihv0p6V6Jy4HG18HYY+DDqsCkWiXXnaQOskSkZYkdzkK8EfBgMA DfIkrJ5naKo+ =kyfo -----END PGP SIGNATURE-----