-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 01 May 2020 14:26:10 +0200
Source: pound
Binary: pound
Architecture: source amd64
Version: 2.6-6+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Brett Parker
Changed-By: Carsten Leonhardt
Description:
pound
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: pound
Version: 2.6-6+deb8u2
CVE ID : CVE-2016-10711
An issue has been found in pound,
A request smuggling vulnerability was discovered in pound, a everse proxy,
load balancer and HTTPS front-end for Web servers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 29 Apr 2020 19:03:02 +0200
Source: pound
Binary: pound
Architecture: source amd64
Version: 2.6-6+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Brett Parker
Changed-By: Thorsten Alteholz
Description:
pound
Carsten,
On 13/07/19 5:38 pm, Carsten Leonhardt wrote:
> Hi,
>
> if you're interested in addressing this CVE, you can find a fixed
> version for jessie at https://salsa.debian.org/debian/pound/tree/jessie
>
> An amd64 binary package can be found here:
>
> https://salsa
Hi,
if you're interested in addressing this CVE, you can find a fixed
version for jessie at https://salsa.debian.org/debian/pound/tree/jessie
An amd64 binary package can be found here:
https://salsa.debian.org/debian/pound/-/jobs/221014/artifacts/browse/debian/output/
Regards,
Carsten
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: pound
Version: 2.6-2+deb7u2
CVE ID : CVE-2016-10711
Debian Bug : 888786
A request smuggling vulnerability was discovered in pound that may allow
attackers to send a specially crafted http request to a web server
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 12 Feb 2018 22:32:32 +0100
Source: pound
Binary: pound
Architecture: source amd64
Version: 2.6-2+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Brett Parker <idu...@sommitrealweird.co.uk>
Changed-By:
On Mon, Jan 25, 2016 at 02:23:39PM +0100, Raphael Hertzog wrote:
>On Mon, 25 Jan 2016, Brian May wrote:
>> I tried to create an account, but this failed with a generic error; so I
>> wondered if I already had an account (I don't think I do), and tried the
>> forget password routine. I am wondering
On Mon, 25 Jan 2016, Brian May wrote:
> I tried to create an account, but this failed with a generic error; so I
> wondered if I already had an account (I don't think I do), and tried the
> forget password routine. I am wondering if it has detected a security
> violation and blocked my IP address.
On Mon, Jan 25, 2016 at 09:14:21PM +1100, Brian May wrote:
[..snip..]
> > Did you check that the new upstream version is backwards compatible in
> > terms of usage?
>
> Yes. It is mostly bug fixes and several new features, such as SNI
> support. I did a diff, and compared.
That matches what I
d ~deb6u1 at the end
(possibly replacing the +deb7uX to avoid a too long version string).
> Does this look ok?
> https://linuxpenguins.xyz/debian/pool/main/p/pound/
Did you check that the new upstream version is backwards compatible in
terms of usage?
I have to say that you have been a bit has
Raphael Hertzog writes:
> On Sat, 23 Jan 2016, Brian May wrote:
>> * Wasn't sure what to do with the version number - I have to use a lower
>> then then wheezy - so I merged the changelog entries for 2.6-* into
>> one and named the version 2.6-1+deb6u1
>
> The usual way
On Mon, 25 Jan 2016, Brian May wrote:
> So version 2.6-2+deb7u1~deb6u1 or 2.6-2~deb6u1?
Yes.
> I considered doing this, and adding a new entry to the end of the
> changelog, however was worried that this would mean the changelog
> wouldn't be in the correct incrementing version order.
That's
Raphael Hertzog writes:
> Usually this means that you just are not logged in. :)
I get this if I go to https://wiki.debian.org/ - there is no option to
login.
I tried to create an account, but this failed with a generic error; so I
wondered if I already had an account (I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 23 Jan 2016 11:22:06 +1100
Source: pound
Binary: pound
Architecture: source
Version: 2.6-1+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Brett Parker <idu...@sommitrealweird.co.uk>
Changed-By: Brian
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: pound
Version: 2.6-1+deb6u1
CVE ID : CVE-2009-3555 CVE-2011-3389 CVE-2012-4929 CVE-2014-3566
This update fixes certain known vulnerabilities in pound in squeeze-lts by
backporting the version in wheezy.
CVE-2009
16 matches
Mail list logo