Back to squid PTS page

Accepted squid 4.13-10+deb11u3 (source) into oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted squid 4.13-10+deb11u3 (source) into oldstable-proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 18 Mar 2024 22:02:47 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: squid_4.13-10+deb11u3_source.changes
Debian-source: squid
Debian-suite: oldstable-proposed-updates
Debian-version: 4.13-10+deb11u3
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=cqtAcg6PtGPWMUpZhVffmRPlu/UiRQVwM0Jt3qL3ZHk=; b=J5HeocDyF7vNHheI8Qo3IY0Zeg fYgWQWEn6ITGCeceXEkY8CXV2heLkTNA0O7Rmlj4ysZU0Zgq3f20f7IBT986zFmPpPwAcEt5/mPVk Mo4Idmus/KxQw2uDtQkckEH2xCkqQ0DProGcMSgB1dCdeIRMPfAuPpZrlqLRjF8DjERQmM64Znr9o ZErXqsngoZnroI8H7yqXa1f5kF37qSlX/GvL0vY/J8BLOf1g52ayaeF4n4QEFhF7qekTrGidUUSy7 tnB49YUh9+CHdF53SncHAWY8PI5WTJdiRh0FDmNZCOs49pgSJrb4lBGpqaqsvpZHMGL/iNC6OrfCG Rq/0EhWA==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1rmL4B-00GrDO-64@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu,  7 Mar 2024 23:18:23 CET
Source: squid
Architecture: source
Version: 4.13-10+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 a7b8922e089e7427d34abe2be0f8b99ce18dfd7f 2901 squid_4.13-10+deb11u3.dsc
 485e628711477274f2810a15ec22210558896df1 63012 squid_4.13-10+deb11u3.debian.tar.xz
 79b85b6186f3eb281de2cddb0b20af589d07a5b0 11589 squid_4.13-10+deb11u3_amd64.buildinfo
Checksums-Sha256:
 de3f9d822c549973b94d6242a0c6b2c4b4e11c2ebd8c64e14eb9db20bedf05e0 2901 squid_4.13-10+deb11u3.dsc
 c63fde90530c9d95d40758e2a5d99475243680aab84e5d54c403f40eefa97b6f 63012 squid_4.13-10+deb11u3.debian.tar.xz
 5bbb00b8550cceaea4ba4f9256dce4eadb8a6c8d102268e196aa3a12df8ce7b8 11589 squid_4.13-10+deb11u3_amd64.buildinfo
Changes:
 squid (4.13-10+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-46724, CVE-2023-46846, CVE-2023-46847 CVE-2023-49285,
     CVE-2023-49286, CVE-2023-50269, CVE-2024-23638, CVE-2024-25617.
   * Several security vulnerabilities have been discovered in Squid, a full
     featured web proxy cache. Due to programming errors in Squid's HTTP request
     parsing, remote attackers may be able to execute a denial of service attack
     by sending large X-Forwarded-For header or trigger a stack buffer overflow
     while performing HTTP Digest authentication. Other issues facilitate
     request smuggling past a firewall or a denial of service against Squid's
     Helper process management.
     In regard to CVE-2023-46728: Please note that support for the Gopher
     protocol has simply been removed in future Squid versions. There are no
     plans by the upstream developers of Squid to fix this issue. We recommend
     to reject all Gopher URL requests instead.
Files:
 22909d1b7a06036b12684089ed6707a2 2901 web optional squid_4.13-10+deb11u3.dsc
 b3ea7b1d80d7edde26db32dcbbd74de3 63012 web optional squid_4.13-10+deb11u3.debian.tar.xz
 3733d2a71286b1eaca41690863a89b5a 11589 web optional squid_4.13-10+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmXqPTVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkTm8P/1nWNBY9J6pjhnqS/afBLBLYb8TfmuANSUw9
vzSqcUw9zXrVKFuBwZ8CiAYqKP98JP8F5ht/z1c0vbcz1pAyDb/SApHsz9whfLxH
6SqLvtid7cMY9FoHdQ9UyjDBWPFbjo04Azo9vXFj0swxOt0+SJtW6WKu4sDSQeQa
6iKgNOMu5euSrFyG9WTsjKNY7I2xit6e26K4pMhN1JHX7z6DQEWe6T19wEK9Z7PJ
o7SKnCj82XJqtFyo5iMDeL2Q7dVyndbLI8hGP4OEHUJCeQsDvX4x2bGy3rKwQ6xj
xNBVntuJW9X4eY24l6Aez/d2fq4dmjoGtG6b6tY7xO8Aw7jNL7A43bhC0fTBUyct
ZnHdQ1+Ad0c0EX8UL8VhV/CSka/ErWqZ3AzsjLI3ClEibvf29Wl0dn1zg0rttLVM
Lz1s/jL2kbBZXYt7UUFIXN5ZfHNhkELhqtDpfq+p8CYSwiqeE0jioUQCWKgtGNry
ZRCLu8FuV+KtJE8xOB4ntiYY9b2UK6HPbDB/mjeXNjNmI5FqhuqQ7/Ls3CpFPxGv
/iBt7Nw0FJ3eERvFKbQYwYNVCZVc3v55oDiu+2ppwsU21zT0bPxaASql9SZPMO6e
bu6jEMrqwBSJcGrmxWLkuUG3zT/5kgpNym44cXezrWoE+o1ZqNTNR6eojrGuqOu6
hgx1992r
=KzRn
-----END PGP SIGNATURE-----

Attachment: pgpVjYtLL0Pc3.pgp
Description: PGP signature