ubuntu/+source/squid3:applied/ubuntu/trusty-updates

Last commit made on 2018-02-05
Get this branch:
git clone -b applied/ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/squid3
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/trusty-updates
Repository:
lp:ubuntu/+source/squid3

Recent commits

dff2072... by Marc Deslauriers on 2018-02-01

Import patches-applied version 3.3.8-1ubuntu6.11 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: b7cc2d958f0da2d71e381dec356d419552221456
Unapplied parent: 7ecb42071d4a7f601a99ad227bffe40ab46220ab

New changelog entries:
  * SECURITY UPDATE: denial of service in ESI Response processing
    - debian/patches/CVE-2018-1000024.patch: make sure endofName never
      exceeds tagEnd in src/esi/CustomParser.cc.
    - CVE-2018-1000024
  * SECURITY UPDATE: denial of service in in HTTP Message processing
    - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
      transactions without a client connection in
      src/client_side_request.cc.
    - CVE-2018-1000027

7ecb420... by Marc Deslauriers on 2018-02-01

CVE-2018-1000027.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-1000027.patch.

c2962a9... by Marc Deslauriers on 2018-02-01

CVE-2018-1000024.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-1000024.patch.

36b1937... by Marc Deslauriers on 2018-02-01

Fix ftp assertion error when uploading empty file

Gbp-Pq: fix-assertion-ftp-put-empty-file.patch.

61dec0c... by Marc Deslauriers on 2018-02-01

fix cookie data leak via If-Not-Modified HTTP conditional

Gbp-Pq: CVE-2016-10002.patch.

8c26862... by Marc Deslauriers on 2018-02-01

fix denial of service via ESI responses

Gbp-Pq: CVE-2016-4555.patch.

460f4b9... by Marc Deslauriers on 2018-02-01

fix same-origin bypass and cache-poisoning attack via

Gbp-Pq: CVE-2016-4554.patch.

493db5f... by Marc Deslauriers on 2018-02-01

fix cache-poisoning attacks via an HTTP request with an absolute-URI

Gbp-Pq: CVE-2016-4553.patch.

3a87552... by Marc Deslauriers on 2018-02-01

fix denial of service or arbitrary code execution via

Gbp-Pq: CVE-2016-4052.patch.

a03a506... by Marc Deslauriers on 2018-02-01

fix denial of service and possible code execution via

Gbp-Pq: CVE-2016-4051.patch.