Format: 1.8 Date: Thu, 14 Mar 2024 10:38:37 -0400 Source: squid Binary: squid squid-cgi squid-openssl squid-purge squidclient Built-For-Profiles: noudeb Architecture: riscv64 Version: 6.1-2ubuntu1.3 Distribution: mantic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: squid - Full featured Web Proxy cache (HTTP proxy GnuTLS flavour) squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-openssl - Full featured Web Proxy cache (HTTP proxy OpenSSL flavour) squid-purge - Full featured Web Proxy cache (HTTP proxy) - cache management uti squidclient - Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message util Changes: squid (6.1-2ubuntu1.3) mantic-security; urgency=medium . * SECURITY UPDATE: DoS via Cache Manager error responses - debian/patches/CVE-2024-23638.patch: just close after a write(2) response sending error in src/servers/Server.cc. - CVE-2024-23638 * SECURITY UPDATE: DoS in HTTP header parsing - debian/patches/CVE-2024-25617.patch: improve handling of expanding HTTP header values in src/SquidString.h, src/cache_cf.cc, src/cf.data.pre, src/http.cc. - CVE-2024-25617 * SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug - debian/patches/CVE-2024-25111.patch: fix infinite recursion in src/http.cc, src/http.h. - CVE-2024-25111 * SECURITY UPDATE: DoS via Improper Handling of Structural Elements bug - debian/patches/CVE-2023-5824-1.patch: remove serialized HTTP headers from storeClientCopy(). - debian/patches/CVE-2023-5824-2.patch: fix frequent assertion. - debian/patches/CVE-2023-5824-3.patch: remove mem_hdr::freeDataUpto() assertion. - debian/patches/CVE-2023-5824-4.patch: fix Bug 5318. - CVE-2023-5824 Checksums-Sha1: 9664d4de1ead52ee92e4ef7bcb869ae896e8e245 138988 squid-cgi-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb b75a08f6d54408042cb9522f54c0b345c65f0ab5 57406 squid-cgi_6.1-2ubuntu1.3_riscv64.deb 9713d09cd72aba08a46b01df74717cedfa5753f4 21301384 squid-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb b4d02c8158b1538be31c6ac2cbd36618c349e6b3 23650962 squid-openssl-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb ba36299d4d86bf2a7d963f7796f71c88ee5ea1a0 3241712 squid-openssl_6.1-2ubuntu1.3_riscv64.deb 65292bf7193cab4fc66bd142406d9acf3016fc80 83970 squid-purge-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb e673b29f239d7beea626accb6bc9375f2308644b 48520 squid-purge_6.1-2ubuntu1.3_riscv64.deb f80bbddc52a753a8adab24abf905ba2c39f07743 9911 squid_6.1-2ubuntu1.3_riscv64.buildinfo 5def029e23605709bd9a222f81d227555293d8e1 3030918 squid_6.1-2ubuntu1.3_riscv64.deb 8146e41e34f09b673d8a28493d950123d9dbcb9e 173904 squidclient-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb 0a2c79ce32c16526828dc60b94729994bba40b23 61032 squidclient_6.1-2ubuntu1.3_riscv64.deb Checksums-Sha256: fb54b5365cf49245805e6300792110f609011a247260c76471cac8e441442e91 138988 squid-cgi-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb d0e84348a98ca627973b65cda1e562ae9488048e0632b16d026d45a632962f9d 57406 squid-cgi_6.1-2ubuntu1.3_riscv64.deb 7c464e5189abba5d776281757bda279d332137fdf53686b073f4c1a59a764717 21301384 squid-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb 627625c14f14a2c41c354f899c5bb15abdba53c63f5af20b408424318a1db05a 23650962 squid-openssl-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb 3da2cd5d6a7309c182a28603a0c35ba8582857c0f64a4de7585eba36e4db62ec 3241712 squid-openssl_6.1-2ubuntu1.3_riscv64.deb 8769b8c520e91dc0790be986ec1ed1ea8ebaea2d757d7073939c49d04aa2307a 83970 squid-purge-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb b4b5dbd9404021c41ea907ca4adcc1421df85d12ea477f8649376e67451c9ceb 48520 squid-purge_6.1-2ubuntu1.3_riscv64.deb e5481c43ddd559c99019b6c187788ef73e0ac06a70934c071aaed481336b9814 9911 squid_6.1-2ubuntu1.3_riscv64.buildinfo 4ac859b8e09e50ffd2ebc6d3352eefe98a22ff52f07c94d6b6ed0e33f1637624 3030918 squid_6.1-2ubuntu1.3_riscv64.deb f6452ecffb598d5d805044842b6dc52c8b7a225bf8763aaf1c309226fddc697a 173904 squidclient-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb d1338cab4d0ef4288c311e88f74273369adde7102393cb2dd0314ea52494530c 61032 squidclient_6.1-2ubuntu1.3_riscv64.deb Files: 5cd61142ef560f7d4671bb385cfdccc8 138988 debug optional squid-cgi-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb 4264cf12b0f412c8b265f5360b7035f3 57406 web optional squid-cgi_6.1-2ubuntu1.3_riscv64.deb 45213004ff79e419ce4614791c950cef 21301384 debug optional squid-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb 01677a59be58b9547f414cd86d123aaf 23650962 debug optional squid-openssl-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb 844892012fbb95f92f85c1893fd40a33 3241712 web optional squid-openssl_6.1-2ubuntu1.3_riscv64.deb 4c8632e62261ef4091ee150aeee13d52 83970 debug optional squid-purge-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb e1dbd1992897c2f35c30ebea022604af 48520 web optional squid-purge_6.1-2ubuntu1.3_riscv64.deb f3b9d951e4703724dc40e37be2c68328 9911 web optional squid_6.1-2ubuntu1.3_riscv64.buildinfo 2354b1f9715b03a41ab638a67aa308fd 3030918 web optional squid_6.1-2ubuntu1.3_riscv64.deb 971b0f2ced396ab26562baed89e0bedf 173904 debug optional squidclient-dbgsym_6.1-2ubuntu1.3_riscv64.ddeb feb765fcf71f81f03e838a6212fe0275 61032 web optional squidclient_6.1-2ubuntu1.3_riscv64.deb Original-Maintainer: Luigi Gangitano