Ubuntu
squid3 package

  1. Wily (15.10)
  2. Bug #1547640
  3. Comment #23

Comment 23 for bug 1547640

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid3 - 3.3.8-1ubuntu6.6

---------------
squid3 (3.3.8-1ubuntu6.6) trusty-security; urgency=medium

  [ Scott Moser ]
  * debian/patches/increase-default-forward-max-tries.patch:
    change the default setting of 'forward_max_tries' from 10
    to 25. (LP: #1547640)

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via crafted UDP SNMP request
    - debian/patches/CVE-2014-6270.patch: fix off-by-one in
      src/snmp_core.cc.
    - CVE-2014-6270
  * SECURITY UPDATE: error handling vulnerability
    - debian/patches/CVE-2016-2571.patch: better handling of huge response
      headers in src/http.cc.
    - CVE-2016-2571
  * Fix security issues that only apply when package is rebuilt with the
    enable-ssl flag, which is not the case in the Ubuntu archive.
    - debian/patches/CVE-2014-0128.patch: denial of service via a crafted
      range request.
    - debian/patches/CVE-2015-3455.patch: incorrect X509 server certificate
      domain matching.

 -- Marc Deslauriers <email address hidden> Fri, 04 Mar 2016 14:58:52 -0500