ubuntu/+source/squid3:applied/ubuntu/yakkety

Last commit made on 2016-06-08
Get this branch:
git clone -b applied/ubuntu/yakkety https://git.launchpad.net/ubuntu/+source/squid3
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/yakkety
Repository:
lp:ubuntu/+source/squid3

Recent commits

1eb2a36... by Marc Deslauriers on 2016-06-08

Import patches-applied version 3.5.12-1ubuntu8 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: ee6ade0923808494ca5f4747ae9a9989a6fe55a2
Unapplied parent: 740b2bc535bc3328c762f5f49259d180fb2f38bc

New changelog entries:
  * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet
    - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc.
    - CVE-2016-3947
  * SECURITY UPDATE: denial of service and possible code execution via
    seeding manager reporter with crafted data
    - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal
      content generation in tools/cachemgr.cc, src/tests/stub_cbdata.cc,
      src/tests/stub_mem.cc, tools/Makefile.am.
    - CVE-2016-4051
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    crafted ESI responses
    - debian/patches/CVE-2016-4052.patch: perform bounds checking and
      remove asserts in src/esi/Esi.cc.
    - CVE-2016-4052
    - CVE-2016-4053
    - CVE-2016-4054
  * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an
    absolute-URI
    - debian/patches/CVE-2016-4553.patch: properly handle condition in
      src/client_side.cc
    - CVE-2016-4553
  * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via
    crafted HTTP host header
    - debian/patches/CVE-2016-4554.patch: properly handle whitespace in
      src/mime_header.cc.
    - CVE-2016-4554
  * SECURITY UPDATE: denial of service via ESI responses
    - debian/patches/CVE-2016-4555.patch: fix segfaults in
      src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc.
    - CVE-2016-4555
    - CVE-2016-4556
  * debian/rules: include autoreconf.mk.
  * debian/control: add dh-autoreconf to BuildDepends.

740b2bc... by Marc Deslauriers on 2016-06-08

fix denial of service via ESI responses

Gbp-Pq: CVE-2016-4555.patch.

7dd9171... by Marc Deslauriers on 2016-06-08

fix same-origin bypass and cache-poisoning attack via

Gbp-Pq: CVE-2016-4554.patch.

864789d... by Marc Deslauriers on 2016-06-08

fix cache-poisoning attacks via an HTTP request with an absolute-URI

Gbp-Pq: CVE-2016-4553.patch.

76c6ad6... by Marc Deslauriers on 2016-06-08

fix denial of service or arbitrary code execution via

Gbp-Pq: CVE-2016-4052.patch.

52c1636... by Marc Deslauriers on 2016-06-08

fix denial of service and possible code execution via

Gbp-Pq: CVE-2016-4051.patch.

e371ddd... by Marc Deslauriers on 2016-06-08

fix denial of service via pinger and ICMPv6 packet

Gbp-Pq: CVE-2016-3947.patch.

ddf7deb... by Marc Deslauriers on 2016-06-08

99-ubuntu-ssl-cert-snakeoil.patch

No DEP3 Subject or Description header found

Gbp-Pq: 99-ubuntu-ssl-cert-snakeoil.patch.

be1d0c1... by Marc Deslauriers on 2016-06-08

90-cf.data.ubuntu.patch

No DEP3 Subject or Description header found

Gbp-Pq: 90-cf.data.ubuntu.patch.

2ff5f0c... by Marc Deslauriers on 2016-06-08

Change default file locations for debian

Gbp-Pq: 02-makefile-defaults.patch.