[pkg-squid-devel] squid3_3.4.8-6+deb8u1 - Fix for CVE-2015-5400
Alessandro Ghedini
ghedo at debian.org
Fri Jul 24 17:43:40 UTC 2015
On Wed, Jul 22, 2015 at 07:31:34PM +0200, Luigi Gangitano wrote:
> Hi security-team,
Hello,
> I’ve prepared an update for squid3 in jessie, fixing CVE-2015-5400 and closing
> bug #793128. Debdiff against current version in jessie is below.
Thanks! The diff looks good, so please go ahead and upload the package to
security-master. Note that it needs to be built with full upstream sources (-sa
dpkg-buildpackage flag).
It seems that the squid3 version in wheezy is also affected, would you mind
preparing an update for that too (if it's not too much work)?
Ideally the wheezy-only squid package should be fixed as well, but backporting
the patch in that case may not be possible (I haven't checked). What do you
think?
Cheers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-squid-devel/attachments/20150724/fb9e65e1/attachment.sig>
More information about the pkg-squid-devel
mailing list