Ubuntu
squid3 package

  1. Wily (15.10)
  2. Bug #1547640
  3. Comment #21

Comment 21 for bug 1547640

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.1.19-1ubuntu3.12.04.6

---------------
squid3 (3.1.19-1ubuntu3.12.04.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted UDP SNMP request
    - debian/patches/CVE-2014-6270.patch: fix off-by-one in
      src/snmp_core.cc.
    - CVE-2014-6270
  * SECURITY UPDATE: error handling vulnerability
    - debian/patches/CVE-2016-2571.patch: better handling of huge response
      headers in src/http.cc.
    - CVE-2016-2571
  * Fix security issue that only applies when package is rebuilt with the
    enable-ssl flag, which is not the case in the Ubuntu archive.
    - debian/patches/CVE-2014-0128.patch: denial of service via a crafted
      range request.
  * debian/patches/increase-default-forward-max-tries.patch:
    change the default setting of 'forward_max_tries' from 10
    to 25. (LP: #1547640)

 -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 14:57:14 -0500