[pkg-squid-devel] squid3_3.4.8-6+deb8u1 - Fix for CVE-2015-5400

Luigi Gangitano luigi at debian.org
Sun Jul 26 21:57:21 UTC 2015


Hi Alessandro,

> On 24 Jul 2015, at 19:43, Alessandro Ghedini <ghedo at debian.org> wrote:
> 
> On Wed, Jul 22, 2015 at 07:31:34PM +0200, Luigi Gangitano wrote:
>> Hi security-team,
> 
> Hello,
> 
>> I’ve prepared an update for squid3 in jessie, fixing CVE-2015-5400 and closing
>> bug #793128. Debdiff against current version in jessie is below.
> 
> Thanks! The diff looks good, so please go ahead and upload the package to
> security-master. Note that it needs to be built with full upstream sources (-sa
> dpkg-buildpackage flag).

I’ve just uploaded it.

> It seems that the squid3 version in wheezy is also affected, would you mind
> preparing an update for that too (if it's not too much work)?
> 
> Ideally the wheezy-only squid package should be fixed as well, but backporting
> the patch in that case may not be possible (I haven't checked). What do you
> think?

There is no patch available for squid 3.3. Upstream have tried a couple of times but it turned out that it is not trivial. I’m in no way able to help them. I can backport 3.4.8-6+deb8u1, if you think that may be an acceptable option.

Best regards,

L

--
Luigi Gangitano -- <luigi at debian.org> -- <gangitano at lugroma3.org>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972  C24A F19B A618 924C 0C26
GPG: 4096R/2BA97CED: 8D48 5A35 FF1E 6EB7 90E5  0F6D 0284 F20C 2BA9 7CED



