ubuntu/+source/squid3:applied/ubuntu/wily-devel

Last commit made on 2016-06-09
Get this branch:
git clone -b applied/ubuntu/wily-devel https://git.launchpad.net/ubuntu/+source/squid3
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/wily-devel
Repository: lp:ubuntu/+source/squid3

Recent commits

6e7582a... by Marc Deslauriers on 2016-06-07

Import patches-applied version 3.3.8-1ubuntu16.3 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: d85a050de913db3a4c3309563f9e94347808c83e
Unapplied parent: 98f80d60ec6c8a77cd2a8a1293261a7d09734240

New changelog entries:
  * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet
    - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc.
    - CVE-2016-3947
  * SECURITY UPDATE: denial of service and possible code execution via
    seeding manager reporter with crafted data
    - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal
      content generation in tools/cachemgr.cc, added tests to
      src/tests/Stub.list, src/tests/stub_cbdata.cc, src/tests/stub_mem.cc,
      tools/Makefile.am.
    - CVE-2016-4051
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    crafted ESI responses
    - debian/patches/CVE-2016-4052.patch: perform bounds checking and
      remove asserts in src/esi/Esi.cc.
    - CVE-2016-4052
    - CVE-2016-4053
    - CVE-2016-4054
  * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an
    absolute-URI
    - debian/patches/CVE-2016-4553.patch: properly handle condition in
      src/client_side.cc
    - CVE-2016-4553
  * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via
    crafted HTTP host header
    - debian/patches/CVE-2016-4554.patch: properly handle whitespace in
      src/mime_header.cc.
    - CVE-2016-4554
  * SECURITY UPDATE: denial of service via ESI responses
    - debian/patches/CVE-2016-4555.patch: fix segfaults in
      src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc.
    - CVE-2016-4555
    - CVE-2016-4556
  * debian/rules: include autoreconf.mk.
  * debian/control: add dh-autoreconf to BuildDepends.
  * debian/patches/02-makefile-defaults.patch: also patch src/Makefile.am.

98f80d6... by Marc Deslauriers on 2016-06-07

fix denial of service via ESI responses

Gbp-Pq: CVE-2016-4555.patch.

cfe00fc... by Marc Deslauriers on 2016-06-07

fix same-origin bypass and cache-poisoning attack via

Gbp-Pq: CVE-2016-4554.patch.

f724035... by Marc Deslauriers on 2016-06-07

fix cache-poisoning attacks via an HTTP request with an absolute-URI

Gbp-Pq: CVE-2016-4553.patch.

7ab3d21... by Marc Deslauriers on 2016-06-07

fix denial of service or arbitrary code execution via

Gbp-Pq: CVE-2016-4052.patch.

3b86db8... by Marc Deslauriers on 2016-06-07

fix denial of service and possible code execution via

Gbp-Pq: CVE-2016-4051.patch.

40688fa... by Marc Deslauriers on 2016-06-07

fix denial of service via pinger and ICMPv6 packet

Gbp-Pq: CVE-2016-3947.patch.

d7ddb7f... by Marc Deslauriers on 2016-06-07

CVE-2016-2571.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2016-2571.patch.

a8c1c09... by Marc Deslauriers on 2016-06-07

CVE-2015-3455.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2015-3455.patch.

1381566... by Marc Deslauriers on 2016-06-07

CVE-2014-6270.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2014-6270.patch.