-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 Aug 2014 20:14:32 +0200 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi Architecture: source all amd64 Version: 3.1.20-2.2+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Luigi Gangitano <luigi@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Changes: squid3 (3.1.20-2.2+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2014-3609.patch patch. CVE-2014-3609: Denial of Service in Range header processing. Ignore Range headers with unidentifiable byte-range values. If squid is unable to determine the byte value for ranges, treat the header as invalid. Checksums-Sha1: 819fa0768675932347f8331132c127552d40adc3 2087 squid3_3.1.20-2.2+deb7u2.dsc 4eba6b83b13d4cabc13640c9592de49af73b412c 3489463 squid3_3.1.20.orig.tar.gz 6d79a6e7db4233b4b63034ba914827d6e9e43ace 23813 squid3_3.1.20-2.2+deb7u2.debian.tar.gz ecc30ffaae521bd74619c6fb47880542304a2fd4 203760 squid3-common_3.1.20-2.2+deb7u2_all.deb 163e7b110933d045c20a2816fccef0a2dccd53ea 1643226 squid3_3.1.20-2.2+deb7u2_amd64.deb afe3c1173816f4375c91e7694bab5e65cbf3d416 6962882 squid3-dbg_3.1.20-2.2+deb7u2_amd64.deb ba7eea88712fd7db527e8e75f94016150a680346 113348 squidclient_3.1.20-2.2+deb7u2_amd64.deb 54c373f63fd3f2a2a599d5bc5bedbf5b58ee0a35 116210 squid-cgi_3.1.20-2.2+deb7u2_amd64.deb Checksums-Sha256: 74ae6dd047461437d46fa45493a03aea5ee7fe4f122be2a7692dcfaa35fa8fda 2087 squid3_3.1.20-2.2+deb7u2.dsc a0d52fa5d04a5382d63627ff622cea23f5f39a8f8a931f9ff10e4219fff44198 3489463 squid3_3.1.20.orig.tar.gz ac04ec55ef7c41a58a2ce5434cd38d7913462604d309c01cc0f2554c78301f72 23813 squid3_3.1.20-2.2+deb7u2.debian.tar.gz 513cc78ef18207ea56bdb8093aa4449f54fd211771361664b2180eca44a5069b 203760 squid3-common_3.1.20-2.2+deb7u2_all.deb 6db9e5c2b2f19661d49fc3bb0e3f2b438fc3bc603dfcfbac5a6f0eb2bb20608f 1643226 squid3_3.1.20-2.2+deb7u2_amd64.deb fea395b9dafdb7791ffefb8e651e305bc55c1b816564128394b3c0229a417dc4 6962882 squid3-dbg_3.1.20-2.2+deb7u2_amd64.deb 0b9347a42600a2dade6b942db30fe3d2cf501164fe929a4385d8430812dbbda8 113348 squidclient_3.1.20-2.2+deb7u2_amd64.deb 8bc15e39ca97dff77e33958491e4a03beac252012ec0f2985b295cd310089963 116210 squid-cgi_3.1.20-2.2+deb7u2_amd64.deb Files: edf9931975957d357d8f61d073d443d6 2087 web optional squid3_3.1.20-2.2+deb7u2.dsc 16a096568dd816eab4ba5e5139819cbd 3489463 web optional squid3_3.1.20.orig.tar.gz 80059a04fc1eb72950e81c0fa110d678 23813 web optional squid3_3.1.20-2.2+deb7u2.debian.tar.gz 2fb0bb0c05d8f3600da2c90f24925aa1 203760 web optional squid3-common_3.1.20-2.2+deb7u2_all.deb 55dbfe14aefa62c9c21c8f6a8441a100 1643226 web optional squid3_3.1.20-2.2+deb7u2_amd64.deb c3c8ac5f9433d77a16f98ad4bf7bd4a3 6962882 debug extra squid3-dbg_3.1.20-2.2+deb7u2_amd64.deb 3c6b54bf2549c5eb71cd272d0effdae6 113348 web optional squidclient_3.1.20-2.2+deb7u2_amd64.deb 7c1c9a370e31c5d93375c30b00ee7418 116210 web optional squid-cgi_3.1.20-2.2+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJT/tu/AAoJEAVMuPMTQ89EfOYP+wThjgDzTY6yfD5Ko8XoZ74P 1hujRFTsYYu79TAMErFQgcKKpCwlbfh6Ynp4CyIgx9iucoW/H7sDRP53S74vTsje 8ifBkjZIq3+9pq8P4iB1ZFnX1QVcDHpodUAJzeufGELDTpoqB6US2uBRquYGk7LV 7ldPKiv8IKtww/z3xtjyrxTOs/tgsU0bC7rha52iQaLM+SXK0ctp52deKLqgtUBv 1RjDREp63voB4h1QLR2o8bIOaotmuB69yZrNrNwimCsqZcib7ew5eMd4KVTxBHFV 2KsSCi6PNHkloNJQahdSG96fSuhPd5xn0ouzoFWL4aIy+rAUm+CofXABrZVoqIDF 8PmkG1QPOF1w1R7pvZhGrPhNDhIdwPrKQiN/Xr605MbTKaNwGJgqDgOMSlsSKuAn hAV9wQ49NxD7WXTC6P04JOsSMEYlkLVocqXcdLN0s+7qlAgk02ITCeyxAT7CdYlg v59t15xZanwh0iYXws09gTu/oG1e3RM7TXfEmIRmZI0WR9JVftGl1bWafycSzDCC q/vVr6rj/dCG4u249kzEXR4RKfPWkCd+AEL+h3kUPkIvoPmtZiBsjb2ONan5OL22 2JLdmrg0Mgde4hfyC+d7Bfi2hJQB1bm9xYvAHtgFe0moPTBOilWs198abT5PAGeQ cFChp79yRlPSBRZWcO6l =HyAh -----END PGP SIGNATURE-----