This bug was fixed in the package squid3 - 3.5.23-1ubuntu1 --------------- squid3 (3.5.23-1ubuntu1) zesty; urgency=medium
* Merge from Debian (LP: #1644538). Remaining changes: - Add additional dep8 tests. - Use snakeoil certificates. - Add an example refresh pattern for debs. - Add disabled by default AppArmor profile. - Revert "Set pidfile for systemd's sysv-generator" from Debian. - Drop wrong short-circuiting of various invocations; we always want to call the debhelper block. - Add missing Pre-Depends on adduser. - Enable autoreconf. This is no longer required for the security updates, but is needed for the seddery of test-suite/Makefile.am in d/t/upstream-test-suite. * Drop changes (adopted in Debian): - Run sarg-reports if present before rotating logs. - Add lsb-release build dep. * Drop changes that no longer make a functional difference in Ubuntu, but may still be relevant to send to Debian: - d/squid3.postinst: don't try to stop squid3 again. - d/squid3.postrm: don't rm -f conffiles in purge. - Drop squid3 dependencies on ${shlib:Depends} and lsb-base. - Drop creation of /etc/squid. * Drop unnecessary changes: - Add executable bits to d/squid.preinst. * Drop changes relating to the upgrade path from prior to Xenial, so no longer required: - /var/spool/squid3 upgrade path handling. - Conffile upgrade path handling. - Remove redundant version-guarded restart code from squid postinst. - Clean up apparmor links for usr.sbin.squid3 on upgrade. - Attempt to migrate /var/log/squid3 -> /var/log/squid on upgrade. - Add Breaks on older ufw to fix upgrade path. - Use Breaks instead of Conflicts. Instead, drop the Conflicts/Replaces entirely (see below). * Drop security fixes: all included in 3.5.23 upstream. * Drop Conflicts/Replaces of squid against squid3. In Ubuntu, the migration happened in Xenial, so no upgrade path still requires this code. This reduces upgrade ordering difficulty. * Fix failing autopkgtests: - Adjust Python module dependencies. - Correctly handle the squid3 -> squid rename. - Adjust seddery for upstream test squid binary location. * Drop dependency on init-system-helpers. This was introduced in LP 1432683. Since we no longer ship an upstart job, it is no longer required. * Correct attribution and add explanatory note in d/NEWS.debian. squid3 (3.5.23-1) unstable; urgency=high [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release (Closes: #793473, #822952) - Fixes security issue SQUID-2016:10 (CVE-2016-10003) (Closes: #848491) - Fixes security issue SQUID-2016:11 (CVE-2016-10002) (Closes: #848493) * debian/patches/ - Remove patch included upstream * debian/tests/ - Use package build-deps when testing so the make commands will work squid3 (3.5.22-1) unstable; urgency=medium [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release * debian/patches - Add upstream patch to fix adaptation crashes * debian/{control, rules, squid.postinst} - Accept patch to remove setuid from pinger (Closes: #822992) [ Luigi Gangitano ] * debian/compat - Bump to debhelper compatibility level 10 * debian/{control,tests/} - Add DEP-8 autopkgtest for upstream test suite, thanks to Santiago Ruano Rincan (Closes: #829141) * debian/rules - Avoid linking with unneeded libraries, thanks to Yuriy M. Kaminskiyi (Closes: #822998) squid3 (3.5.19-1) unstable; urgency=high [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release (Closes: #823968) - Fixes security issue SQUID-2016:7 (CVE-2016-4553) - Fixes security issue SQUID-2016:8 (CVE-2016-4554) - Fixes security issue SQUID-2016:9 (CVE-2016-4555, CVE-2016-4556) * debian/control - Bumped Standards-Version to 3.9.8, no change needed * debian/rules - Send hardening CPPFLAGS to custom build tools squid3 (3.5.17-1) unstable; urgency=high [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release - Fixes security issue SQUID-2016:5 (CVE-2016-4051) - Fixes security issue SQUID-2016:6 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054) squid3 (3.5.16-1) unstable; urgency=high [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release - Fixes security issue SQUID-2016:3 (CVE-2016-3947) (Closes: #819783) - Fixes security issue SQUID-2016:4 (CVE-2016-3948) (Closes: #819784) * debian/patches/ - Remove patch included upstream squid3 (3.5.15-1) unstable; urgency=high [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release - Fixes security issues SQUID-2016:2 (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571) (Closes: #816011) * debian/patches/03-upstream-bug4447.patch - add upstream patch for their bug #4447 [ Robie Basak <robie.ba...@canonical.com> ] * debian/control - Add lsb-release build dep. This is required for the --enable-build-info line in debian/rules to work correctly. * debian/squid.logrotate - Run sarg-reports if present before rotating logs. [ Luigi Gangitano <lu...@debian.org> ] * debian/control - Bumped Standards-Version to 3.9.7, no change needed squid3 (3.5.14-1) unstable; urgency=medium [ Amos Jeffries <amosjeffr...@squid-cache.org> ] * New Upstream Release (Closes: #812038) * debian/control - add Depends libdbi-perl (Closes: #807512) - Fixed lintian complaint about squid3 package description - Fixed Vcs-Git Header pointing anonscm.debian.org * debian/rules - build ext_time_quota_acl helper (LP: #1391159) * debian/squid.install - add missing helper man pages -- Robie Basak <robie.ba...@ubuntu.com> Tue, 24 Jan 2017 15:47:44 +0000 ** Changed in: squid3 (Ubuntu) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-10002 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-10003 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2569 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2570 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2571 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-3947 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-3948 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4051 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4052 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4053 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4054 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4553 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4554 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4555 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-4556 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1644538 Title: Please sync Squid 3.5 latest from Debian To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1644538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs