Debian Package Tracker

From: <dak@security.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted squid3 3.1.20-2.2+deb7u5 (source all amd64) into oldstable
Date: Mon, 16 May 2016 10:30:12 +0000
Signed by: Santiago Ruano Rincón <santiago@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 15 May 2016 17:56:13 +0200
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi
Architecture: source all amd64
Version: 3.1.20-2.2+deb7u5
Distribution: wheezy-security
Urgency: medium
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description: 
 squid-cgi  - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid3     - Full featured Web Proxy cache (HTTP proxy)
 squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Changes: 
 squid3 (3.1.20-2.2+deb7u5) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * Fix CVE-2016-4051: Buffer overflow in cachemgr.cgi.
   * Fix CVE-2016-4052: Multiple stack-based buffer overflows by wrongly
     handling Edge Side Includes (ESI) responses.
   * Fix CVE-2016-4053: Public information disclosure of the server stack
     layout when processing ESI responses.
   * Fix CVE-2016-4054: Remote code execution when processing ESI responses.
   * Fix CVE-2016-4554: Header Smuggling issue in HTTP Request processing.
   * Fix CVE-2016-4555 and CVE-2016-4556: Denial of Service when processing
     ESI responses.
Checksums-Sha1: 
 93121ea6a6865afea1789102b8112077ccccebc9 2069 squid3_3.1.20-2.2+deb7u5.dsc
 86787a554d62cd81e7298a71281d82eccd13fade 34075 squid3_3.1.20-2.2+deb7u5.debian.tar.gz
 d8dc2552af2be1bad5975676cb4d4a4be63a0c3c 204314 squid3-common_3.1.20-2.2+deb7u5_all.deb
 a0bd5e297c6712d525ed3039a85778c951ec83c9 1648384 squid3_3.1.20-2.2+deb7u5_amd64.deb
 43f35c6733a62daed1a4a6a9107252b504951363 6980914 squid3-dbg_3.1.20-2.2+deb7u5_amd64.deb
 d12ced34669d5355b64c6c16c7be594a22da8e26 113752 squidclient_3.1.20-2.2+deb7u5_amd64.deb
 e24fa7d2255145e23e725c4166386468391f54f3 116438 squid-cgi_3.1.20-2.2+deb7u5_amd64.deb
Checksums-Sha256: 
 05e18d74073b2f42e1dbed4122c3b812e43e4d2db179d9e834d5032a9161f42f 2069 squid3_3.1.20-2.2+deb7u5.dsc
 cf9cdfb641c40489dcb551cf3376936df9446dcf4c9641a40af81b0c9f66f3db 34075 squid3_3.1.20-2.2+deb7u5.debian.tar.gz
 de590cd686578646d0db6818cb7ba8cfacae59ddd9707ad111d844c2659acdcb 204314 squid3-common_3.1.20-2.2+deb7u5_all.deb
 db20b110d9b52fe16a78456d60c0884a69c156554fb82be5e4314f77cd1beadd 1648384 squid3_3.1.20-2.2+deb7u5_amd64.deb
 87efdeaeb1d278052b290db36b9c7d48daeb5caaa24da1aeda1b6c22157b199f 6980914 squid3-dbg_3.1.20-2.2+deb7u5_amd64.deb
 2abceb474cee9f8cca5e72b71ad576db227c2c994c43263ed3ede0392f6fa086 113752 squidclient_3.1.20-2.2+deb7u5_amd64.deb
 303074c196d214153630283753af65f4d7c5ddba83d3f0061e4968dfad007d2d 116438 squid-cgi_3.1.20-2.2+deb7u5_amd64.deb
Files: 
 6c2e307d6951e99456094a63b696a1af 2069 web optional squid3_3.1.20-2.2+deb7u5.dsc
 49249ecaf2d7bb16c3889b9cbb0c5df3 34075 web optional squid3_3.1.20-2.2+deb7u5.debian.tar.gz
 f915bfc6969130934b0c2c627e98bf85 204314 web optional squid3-common_3.1.20-2.2+deb7u5_all.deb
 518c40fd3ec4b9f5846485120a914a14 1648384 web optional squid3_3.1.20-2.2+deb7u5_amd64.deb
 840fb78ce11709e60373b31fdc16acf6 6980914 debug extra squid3-dbg_3.1.20-2.2+deb7u5_amd64.deb
 d0df72d848e46c40e956fb5beb901d08 113752 web optional squidclient_3.1.20-2.2+deb7u5_amd64.deb
 72394ec5356a527e540cba1f2557544e 116438 web optional squid-cgi_3.1.20-2.2+deb7u5_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXOZ9FAAoJEN5v/bjI1ki9caMP/RVdveODau1xGjl4rnpLeetE
gB8UPTkeUrOzTuylcuqU7K9lVFj/qXA0duGCgMvV5OcNs6k90V5+hsjO9jyH+al1
0czA02BljDIla03hPRohSSpivk+oZ0Bq0BMnO+o+BbWU11GZUGos/T7uez/ZPa9s
+F8Eucr1oFHEm71fnRoZfFBlA7lX6DIbRv6F81UBNIdzZpzJmPPyFGBlPB+8EBic
sGvtboJJAr5SzrAh278K2YwbhqNxzk6r0vllh0Y0RxwhKATmEtAMOaD7uWxXNrfv
oSK2lFYE0TOmmLnVkXACJKELb5Mflz/0Y1d1WYIz98pu7Os/mRD6CA5Xure8Rn8z
NCrx2PFy+FYxqUOwXauPh2fdfWiocdT1vUt+9R7MKiR4xflqr8g1wx03+0oEWPgf
imQbD/exIWqyy606lh7Ybb5ElK1CP6BfbEXIwLm+fci7flgQHcPESdZF7i1THIxY
rdysvq0N/+UYymrrxt/j1hSjdza+wCYlZKPb7652sEurkmNRFnehA20RFF65VwHm
1deKQ2WR4UiezEcsiHuDyJ6trLH9oRuS+1sWOfeQKp3MUn0dDUQn/m58Bw9EcngG
bZntqd4y3YBFhKgaSa1xO233gUrPUkHWMZQuWGbZgyhz3gVR/b9GCDRggM32Yu8m
6r4ssGtAjscK6CKGAuLz
=goCx
-----END PGP SIGNATURE-----
News for package squid3
