squid3 (3.1.19-1ubuntu3.12.04.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: incorrect digest auth parameter parsing
    - debian/patches/CVE-2019-12525.patch: check length in
      src/auth/digest/auth_digest.cc.
    - CVE-2019-12525
  * SECURITY UPDATE: basic auth uudecode length issue
    - debian/patches/CVE-2019-12529.patch: replace uudecode with libnettle
      base64 decoder in lib/Makefile.*, src/auth/basic/auth_basic.cc,
      , lib/uudecode.c.
    - CVE-2019-12529

squid3 (3.1.19-1ubuntu3.12.04.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: XSS issues in cachemgr.cgi
    - debian/patches/CVE-2019-13345.patch: properly escape values in
      tools/cachemgr.cc.
    - CVE-2019-13345
  * SECURITY UPDATE: denial of service in ESI Response processing
    - debian/patches/CVE-2018-1000024.patch: make sure endofName never
      exceeds tagEnd in src/esi/CustomParser.cc.
    - CVE-2018-1000024
  * SECURITY UPDATE: denial of service in in HTTP Message processing
    - debian/patches/CVE-2018-1000027.patch: fix indirect IP logging for
      transactions without a client connection in
      src/client_side_request.cc.
    - CVE-2018-1000027

Date: 2019-07-19 16:30:13.354018+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/squid3/3.1.19-1ubuntu3.12.04.10
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to