-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 12 Feb 2018 22:32:32 +0100 Source: pound Binary: pound Architecture: source amd64 Version: 2.6-2+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Brett Parker <iDunno@sommitrealweird.co.uk> Changed-By: Markus Koschany <apo@debian.org> Description: pound - reverse proxy, load balancer and HTTPS front-end for Web servers Closes: 888786 Changes: pound (2.6-2+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2016-10711: A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted http request to a web server or reverse proxy while pound may see a different set of requests. This facilitates several possible exploitations, such as partial cache poisoning, bypassing firewall protection and XSS. (Closes: #888786) Checksums-Sha1: 4ee3ff6ce149fc8e0377174be7b1e02bb2f95ab5 1901 pound_2.6-2+deb7u2.dsc 99aa655eab180163536e6539e0ebfd66c990d53c 16760 pound_2.6-2+deb7u2.debian.tar.gz 21d16a47fdaa7a6932b9d9a09b9d1572f98412a4 112080 pound_2.6-2+deb7u2_amd64.deb Checksums-Sha256: 758693720a668a07a8f812de03b7b507b071d7ca7a5c8e881d06e025ff4a3e42 1901 pound_2.6-2+deb7u2.dsc e6e1390d5b0f3e1f7e58509ba3e7bd04a34ff2216a3bf1fdc80a7b593ee0cd69 16760 pound_2.6-2+deb7u2.debian.tar.gz 4cd3182b4e149423e47c31930479511148a65ffdd89003eebe37db6614e38848 112080 pound_2.6-2+deb7u2_amd64.deb Files: 40cbae8351eabaf81f21fd1ef6e13b34 1901 net extra pound_2.6-2+deb7u2.dsc 725171de5b54effd679adee9c99db03e 16760 net extra pound_2.6-2+deb7u2.debian.tar.gz 7581aa294e0e985ebc2e7bf6ed646e76 112080 net extra pound_2.6-2+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqCGC9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkNV8P/isT6iikNgcZf8GK//nD7+CAoeOaTbRnH4Qt cqQQYnND6NHQtZreRiCaT44vx0WHIZs7KRdq66vU6MXqT6qTYGKUrUh6+HDrNF9Y cQigEvkD9vfQsoGw12k7Uyp1t1cTqaPwn4Zk5J5mZNwvvkWnfVFKXSBQqCUHdM8F ItI8bXLSjlyN8jnRMahGM33on0tyYedYvOh8LrnbvKSuSiR+vx+A7wCnCl8IaMPt J4/IIf5eon2IGjmMlp5eZdBn1Dk1JjO9tzIy3hrWP7C3RbS8mMicf17itvgGhSSD lff0DqVG938h7fMZO8ADRSbcFKPMAOctT0g6r7casxew8GN2DCKyaGUUd1S71xoh wig4Nh974/d7biGrlG+sd5LmjwS7Ti3L10/7UVOwwYW6pm4THnBcSbjyw3XXXTBt m2uHJtlgQ0Z0NiMcWt6Gs3RYdbn2kUv/Z1ErvNt1YByln63GDvJYppKAFBlA0Q8L fwLOQUuaeoQc1n8L7E9CFR41W+5l4ZtwVsg1wfxNA9KQxlLMXMouHYCitqrh0KCp JKQHkL1PQnb7dSC07oXNUceHlu4rvoVfuAv8L6GEelblYIsQ4qKo60U5KoNABOmb dtVb1a5WcoJoyeoqTejfLnlLhu29kBDKb+RNNFTdKhJlLl819PEQuaDISJENDdJb ll+6t7sf =piiQ -----END PGP SIGNATURE-----