This bug was fixed in the package squid - 7.2-2ubuntu1
---------------
squid (7.2-2ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2126018). Remaining changes:
- d/usr.sbin.squid: Add sections for squid-deb-proxy and
squidguard
- d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
packaging
- Use snakeoil certificates:
+ d/control: add ssl-cert to dependencies
+ d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
to the default config file
- d/NEWS: drop the NIS basic auth helper (LP #1895694)
- d/rules: halt build upon test failures.
- d/rules: do not include additional configuration files during
build time tests. This would lead to test failures due to missing
paths.
- d/t/upstream-test-suite: use installed squid binary for
autopkgtest config file checks.
- d/source_squid.py, d/rules: Add apport hook (LP #676141)
* New changes:
- d/squid-openssl.links: fix broken manpage link for squid-openssl.
* Dropped changes:
- d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
[ Applied upstream in version 7.0.2 ]
- d/p/0010-Fix-Werror-sign-compare-on-GCC-13.patch: fix comparison
between signed and unsigned values.
[ Applied upstream in version 7.0.2 ]
- lp-2125118-*: Fix FTBFS with GCC-15 (LP #2125118)
[ Applied upstream in version 7.0.2 ]
- debian/patches/CVE-2025-59362.patch: fix ASN.1 encoding of long SNMP OIDs
in lib/snmplib/asn1.c. (CVE-2025-59362)
[ Applied upstream in version 7.2 ]
- d/p/CVE-2025-62168.patch: Add maskSensitiveInfo parameter to
pack and pass it to packInto in src/HttpRequest.cc. Add maskSensitiveInfo
to pack in src/HttpRequest.h. Adapt code with new parameter in
src/client_side_reply.cc, and src/errorpage.cc. Remove request_hdr NULL
assign in src/errorpage.h. (CVE-2025-62168)
[ Applied upstream in version 7.2 ]
- d/rules: disable LTO related compilation errors for ppc64el builds.
[ No more needed in version 7.2-2 in resolute ]
squid (7.2-2) unstable; urgency=high
[ Luigi Gangitano <[email protected]> ]
* debian/patches/0008-upstream-ab5cf0c36b538627c82b3989d6c87d1668c7e081.patch
- Added upstream patch fixing error on CONNECT to hosts starting with
digit
squid (7.2-1) unstable; urgency=high
[ Amos Jeffries <[email protected]> ]
* New Upstream Release 7.2 (Closes: #1080997)
Fixes: CVE-2025-62168. SQUID-2025:2 (Closes: #1118341)
Fixes: CVE-2025-59362 (Closes: #1117048)
* debian/watch
- remove check for files no longer provided upstream
* debian/control
- support libkrb5 provided by krb5-multidev package
squid (7.1-1) unstable; urgency=high
[ Amos Jeffries <[email protected]> ]
* New Upstream Release 7.1 (Closes: #1097927, #1015670)
* Drop binaries removed upstream
- ntlm_smb_lm_auth (Fixes: CVE-2025-21311)
- squid-purge
- squid-cgi
- squidclient
* Remove workaround for CVE-2024-45802, integrated upstream.
* debian/patches/
- refresh patches for new version
squid (6.13-2) unstable; urgency=low
[ Amos Jeffries <[email protected]> ]
* debian/control
- Bumped Standards-Version to 4.7.2, no change needed
- Add Build-Dep on libcrypt-dev (Closes: #1106998)
* debian/squid-openssl.links
- Add symlink for man8 file
* debian/squid.postrm
- Remove no longer necessary workaround for Bug #984897
-- Renan Rodrigo <[email protected]> Wed, 26 Nov 2025 15:36:40 -0300
** Changed in: squid (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45802
** CVE added: https://cve.org/CVERecord?id=CVE-2025-21311
** CVE added: https://cve.org/CVERecord?id=CVE-2025-59362
** CVE added: https://cve.org/CVERecord?id=CVE-2025-62168
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2126018
Title:
Merge squid from Debian Unstable for r-series
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/2126018/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
