ubuntu/+source/squid3:ubuntu/trusty-updates

Last commit made on 2018-02-05
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/squid3
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-updates
Repository:
lp:ubuntu/+source/squid3

Recent commits

ef1990c... by Marc Deslauriers on 2018-02-01

Import patches-unapplied version 3.3.8-1ubuntu6.11 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a0bba1a9d59fded23ef4473c71899665a93ec8ec

New changelog entries:
  * SECURITY UPDATE: denial of service in ESI Response processing
    - debian/patches/CVE-2018-1000024.patch: make sure endofName never
      exceeds tagEnd in src/esi/CustomParser.cc.
    - CVE-2018-1000024
  * SECURITY UPDATE: denial of service in in HTTP Message processing
    - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
      transactions without a client connection in
      src/client_side_request.cc.
    - CVE-2018-1000027

a0bba1a... by Andreas Hasenack on 2017-09-28

Import patches-unapplied version 3.3.8-1ubuntu6.10 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: fd21b6e8c7851fd973b2f22d5c665df26b7cc474
Upload parent: e82a0caa94aff9600ce3e6973042dc65d0cfeb1e

New changelog entries:
  * debian/patches/fix-assertion-ftp-put-empty-file.patch: Fix ftp
    assertion error when uploading empty file. Thanks to Alex Rousskov
    <email address hidden>. Closes LP: #1423498.

e82a0ca... by Andreas Hasenack on 2017-09-28

changelog

53aa201... by Andreas Hasenack on 2017-09-28

  * debian/patches/fix-assertion-ftp-put-empty-file.patch: Fix ftp
    assertion error when uploading empty file. Thanks to Alex Rousskov
    <email address hidden>. Closes LP: #1423498.

eb4f798... by Marc Deslauriers on 2017-02-06

Import patches-unapplied version 3.3.8-1ubuntu6.9 to ubuntu/trusty-updates

Imported using usd-importer.

Publish parent: 191719767b22a31dec1372b93fbd347731632168
Changelog parent: 3ecc8276aa402eb8aa5ecf6bfadac5d1c5fe008c

fd21b6e... by Marc Deslauriers on 2017-02-06

Import patches-unapplied version 3.3.8-1ubuntu6.9 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c2a53ec51990dc6dd07ff804007fd498767c8ae3

New changelog entries:
  * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional
    - debian/patches/CVE-2016-10002.patch: properly handle combination of
      If-Match and a Cache Hit in src/client_side.cc,
      src/client_side_reply.cc, src/client_side_reply.h, src/enums.h,
      src/log/access_log.cc.
    - CVE-2016-10002

3ecc827... by Marc Deslauriers on 2017-02-06

Import patches-unapplied version 3.3.8-1ubuntu6.9 to ubuntu/trusty-security

Imported using usd-importer.

Publish parent: 509d20ea28851cad2adeab5b54a81b7d7e91ac4b

New changelog entries:
  * SECURITY UPDATE: cookie data leak via If-Not-Modified HTTP conditional
    - debian/patches/CVE-2016-10002.patch: properly handle combination of
      If-Match and a Cache Hit in src/client_side.cc,
      src/client_side_reply.cc, src/client_side_reply.h, src/enums.h,
      src/log/access_log.cc.
    - CVE-2016-10002

1917197... by Marc Deslauriers on 2016-06-08

Import version 3.3.8-1ubuntu6.8 to ubuntu/trusty-updates

Imported using usd-importer.

c2a53ec... by Marc Deslauriers on 2016-06-08

Import patches-unapplied version 3.3.8-1ubuntu6.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: f97e3d503f8edc663926cf05815d92a16aefc2b7

New changelog entries:
  * SECURITY UPDATE: denial of service via pinger and ICMPv6 packet
    - debian/patches/CVE-2016-3947.patch: fix sizes in src/icmp/Icmp6.cc.
    - CVE-2016-3947
  * SECURITY UPDATE: denial of service and possible code execution via
    seeding manager reporter with crafted data
    - debian/patches/CVE-2016-4051.patch: use dynamic MemBuf for internal
      content generation in tools/cachemgr.cc, src/tests/Stub.list,
      src/tests/stub_cbdata.cc, src/tests/stub_mem.cc,
      tools/Makefile.am.
    - CVE-2016-4051
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    crafted ESI responses
    - debian/patches/CVE-2016-4052.patch: perform bounds checking and
      remove asserts in src/esi/Esi.cc.
    - CVE-2016-4052
    - CVE-2016-4053
    - CVE-2016-4054
  * SECURITY UPDATE: cache-poisoning attacks via an HTTP request with an
    absolute-URI
    - debian/patches/CVE-2016-4553.patch: properly handle condition in
      src/client_side.cc
    - CVE-2016-4553
  * SECURITY UPDATE: same-origin bypass and cache-poisoning attack via
    crafted HTTP host header
    - debian/patches/CVE-2016-4554.patch: properly handle whitespace in
      src/mime_header.cc.
    - CVE-2016-4554
  * SECURITY UPDATE: denial of service via ESI responses
    - debian/patches/CVE-2016-4555.patch: fix segfaults in
      src/client_side_request.cc, src/esi/Context.h, src/esi/Esi.cc.
    - CVE-2016-4555
    - CVE-2016-4556
  * debian/rules: include autoreconf.mk.
  * debian/control: add dh-autoreconf to BuildDepends.
  * debian/patches/02-makefile-defaults.patch: also patch src/Makefile.am.
  * WARNING: This package does _not_ contain the changes from
    (3.3.8-1ubuntu6.7) in trusty-proposed.

509d20e... by Marc Deslauriers on 2016-06-08

Import version 3.3.8-1ubuntu6.8 to ubuntu/trusty-security

Imported using usd-importer.