[ubuntu/eoan-proposed] squid 4.6-2ubuntu4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Jul 19 14:48:16 UTC 2019
squid (4.6-2ubuntu4) eoan; urgency=medium

  * Fix gcc-9 issues (LP: #1835831)
    - Remove -Wno-sizeof-pointer-memaccess -Wno-stringop-truncation
    - debian/patches/more-gcc-9-fixes.patch: switch to xstrncpy in
      lib/smblib/smblib-util.c.
  * SECURITY UPDATE: incorrect digest auth parameter parsing
    - debian/patches/CVE-2019-12525.patch: check length in
      src/auth/digest/Config.cc.
    - CVE-2019-12525
  * SECURITY UPDATE: buffer overflow in basic auth decoding
    - debian/patches/CVE-2019-12527.patch: switch to SBuf in
      src/HttpHeader.cc, src/HttpHeader.h, src/cache_manager.cc,
      src/clients/FtpGateway.cc.
    - CVE-2019-12527
  * SECURITY UPDATE: basic auth uudecode length issue
    - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
      base64 decoder in lib/Makefile.*, src/auth/basic/Config.cc,
      include/uudecode.h, lib/uudecode.c.
    - CVE-2019-12529
  * SECURITY UPDATE: XSS issues in cachemgr.cgi
    - debian/patches/CVE-2019-13345.patch: properly escape values in
      tools/cachemgr.cc.
    - CVE-2019-13345

Date: Fri, 19 Jul 2019 08:01:58 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squid/4.6-2ubuntu4
Format: 1.8
Source: squid
Architecture: source
Version: 4.6-2ubuntu4
Distribution: eoan
Urgency: medium
Launchpad-Bugs-Fixed: 1835831
Original-Maintainer: Luigi Gangitano <luigi at debian.org>