Format: 1.8
Date: Fri, 13 May 2016 08:09:16 +0200
Source: squid3
Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge
Architecture: source all amd64
Version: 3.4.8-6+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
 squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility
 squid3 - Full featured Web Proxy cache (HTTP proxy)
 squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files
 squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols
 squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility
Changes:
 squid3 (3.4.8-6+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2016-4051: Buffer overflow in cachemgr.cgi.
   * Fix CVE-2016-4052: Multiple stack-based buffer overflows by wrongly
     handling Edge Side Includes (ESI) responses.
   * Fix CVE-2016-4053: Public information disclosure of the server stack
     layout when processing ESI responses.
   * Fix CVE-2016-4054: Remote code execution when processing ESI responses.
   * Fix CVE-2016-4553: Cache Poisoning issue in HTTP Request handling.
   * Fix CVE-2016-4554: Header Smuggling issue in HTTP Request processing.
   * Fix CVE-2016-4555 and CVE-2016-4556: Denial of Service when processing
     ESI responses.
   * debian/rules: include /usr/share/cdbs/1/rules/autoreconf.mk, needed by
     CVE-2016-4051 fix.
   * debian/control: Add Build-depend on dh-autoreconf