~bryce/ubuntu/+source/squid:fix-lp676141-noble

Branch merges

Propose for merging

Merged into ubuntu/+source/squid:ubuntu/noble-devel at revision fecdce8b53d7d071786cef2fae8143a96d85a0ce

git-ubuntu bot: Approve on 2024-01-20

Utkarsh Gupta (community): Approve on 2024-01-20

Canonical Server Reporter: Pending requested 2024-01-20

Canonical Server Core Reviewers: Pending requested 2024-01-20

Diff: 90 lines (+65/-0)

3 files modified

debian/changelog (+7/-0)
debian/rules (+4/-0)
debian/source_squid.py (+54/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

fecdce8... by Bryce Harrington on 2024-01-18

  * d/source_squid.py, d/squid-common.install: Add apport hook
    (LP: #676141)

9d7f83d... by Bryce Harrington on 2024-01-18

changelog

947b36b... by Athos Ribeiro on 2023-12-12

update-maintainer

cbab75e... by Athos Ribeiro on 2023-12-12

reconstruct-changelog

d721d05... by Athos Ribeiro on 2023-12-12

merge-changelogs

a7f4e58... by Athos Ribeiro on 2023-12-12

    - SECURITY UPDATE: DoS via ftp:// URLs
      + debian/patches/CVE-2023-46848.patch: fix userinfo percent-encoding in
        src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc,
        src/anyp/Uri.cc.
      + CVE-2023-46848
      [ Fixed in Debian in 6.5-1 ]

94aba37... by Athos Ribeiro on 2023-12-12

    - SECURITY UPDATE: DoS via HTTP Digest Authentication
      + debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when
        parsing Digest Authorization in src/auth/digest/Config.cc.
      + CVE-2023-46847
      [ Fixed in Debian in 6.5-1 ]

8beadde... by Athos Ribeiro on 2023-12-12

    - SECURITY UPDATE: HTTP request smuggling, caused by chunked decoder
      lenience
      + debian/patches/CVE-2023-46846.patch: improve HTTP chunked encoding
        compliance in src/http/one/Parser.cc, src/http/one/Parser.h,
        src/http/one/TeChunkedParser.cc, src/parser/Tokenizer.cc,
        src/parser/Tokenizer.h.
      + CVE-2023-46846
      [ Fixed in Debian in 6.5-1 ]

dda558b... by Athos Ribeiro on 2023-12-12

    - SECURITY UPDATE: DoS against certificate validation
      + debian/patches/CVE-2023-46724.patch: fix validation of certificates
        with CN=* in src/anyp/Uri.cc.
      + CVE-2023-46724
      [ Fixed in Debian in 6.5-1 ]

194f4e0... by Athos Ribeiro on 2023-08-10

    - d/p/0011-Fix-ftp-support.patch: Fix pure virtual call in
      Ftp::Client constructor leading to problems in FTP support.
      [ Fixed upstream in 6.2 ]