Univention Bugzilla – Bug 53439
squid3: Multiple issues (4.4)
Last modified: 2021-06-16 17:47:55 CEST
New Debian squid3 3.5.23-5+deb9u7A~4.4.8.202106140906 fixes:

This update addresses the following issues:
* denial of service in URN processing (CVE-2021-28651)
* denial of service issue in Cache Manager (CVE-2021-28652)
* improper input validation in HTTP Range header (CVE-2021-31806)
* incorrect memory management in HTTP Range header (CVE-2021-31807)
* integer overflow in HTTP Range header (CVE-2021-31808)
* denial of service in HTTP response processing (CVE-2021-33620)
--- mirror/ftp/4.4/unmaintained/4.4-8/source/squid3_3.5.23-5+deb9u6A~4.4.7.202103220941.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/squid3_3.5.23-5+deb9u7A~4.4.8.202106140906.dsc @@ -1,10 +1,16 @@ -3.5.23-5+deb9u6A~4.4.7.202103220941 [Mon, 22 Mar 2021 09:46:09 +0100] Univention builddaemon <buildd@univention.de>: +3.5.23-5+deb9u7A~4.4.8.202106140906 [Mon, 14 Jun 2021 09:14:20 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 001-enable-ssl 005-squid-4-14311 006-postinst 009-sec-update-ssl-52182 + +3.5.23-5+deb9u7 [Sun, 13 Jun 2021 23:45:44 +0530] Abhijith PA <abhijith@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * Fix CVE-2021-28651, CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 + CVE-2021-31808 CVE-2021-33620. 3.5.23-5+deb9u6 [Fri, 19 Mar 2021 00:55:46 +0530] Utkarsh Gupta <utkarsh@debian.org>: <http://piuparts.knut.univention.de/4.4-8/#6147936675109952367>
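Review bot: in the added 3.5.23-5+deb9u7 changelog entry, the CVE list has a comma only after CVE-2021-28651 and names six CVEs without saying which change addresses which. Suggest comma-separating all six and, where possible, giving one line per CVE with the affected component (URN processing, Cache Manager, HTTP Range header, HTTP response processing) so the entry can be matched against the erratum text. The UCS patch list (001-enable-ssl, 005-squid-4-14311, 006-postinst, 009-sec-update-ssl-52182) appears only as unchanged context, so it is worth confirming in the build log that all four still applied on top of deb9u7.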
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] dadc0d9573 Bug #53439: yaml
 doc/errata/staging/squid3.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x993>