Format: 1.8
Date: Mon, 8 Jan 2024 23:33:44 CET
Source: squid
Architecture: source
Version: 4.6-1+deb10u9
Distribution: buster-security
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 e7191cebbe0973bc09479db101a23715bc95b0ec 2825 squid_4.6-1+deb10u9.dsc
 9070313b6a228832b25a1a5140f829704dd87a8d 88364 squid_4.6-1+deb10u9.debian.tar.xz
 2ce2e676365e1464ce987d048bcef65b4be1998c 10758 squid_4.6-1+deb10u9_amd64.buildinfo
Checksums-Sha256:
 23dd9f3c9f48a6529adcc192c9a0ee271739ee72961ff858dea6d5e6426b54d9 2825 squid_4.6-1+deb10u9.dsc
 91ad398b9834ec2a8ff8d25fc89a5cc93ae6b2ebd17fca6c0a6a6299f952d97f 88364 squid_4.6-1+deb10u9.debian.tar.xz
 f47749e0f307dde02c8a423ed5b607fae491228f42c1aaf4a2661b41521652ce 10758 squid_4.6-1+deb10u9_amd64.buildinfo
Changes:
 squid (4.6-1+deb10u9) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2023-50269, CVE-2023-49286, CVE-2023-49285, CVE-2023-46847,
     CVE-2023-46846.
   * Several security vulnerabilities have been discovered in Squid, a
     full-featured web proxy cache. Due to programming errors in Squid's HTTP
     request parsing, remote attackers may be able to execute a denial of
     service attack by sending a large X-Forwarded-For header or trigger a
     stack buffer overflow while performing HTTP Digest authentication. Other
     issues facilitate request smuggling past a firewall or a denial of
     service against Squid's Helper process management.
     In regard to CVE-2023-46728: Please note that support for the Gopher
     protocol has simply been removed in future Squid versions. There is no
     fix available. We recommend rejecting all gopher URL requests instead.
Files:
 31b56d70e698162efcc697d0b4fac2a2 2825 web optional squid_4.6-1+deb10u9.dsc
 7de107420507030a927bb43873b36cf3 88364 web optional squid_4.6-1+deb10u9.debian.tar.xz
 4207a169505bc8de8dfdf93832adbae2 10758 web optional squid_4.6-1+deb10u9_amd64.buildinfo