This bug was fixed in the package squid3 - 3.3.8-1ubuntu1
---------------
squid3 (3.3.8-1ubuntu1) saucy; urgency=low
* Merge from Debian unstable, remaining changes:
+ debian/control:
- Update maintainer.
- Suggests apparmor (>= 2.3)
- Depends on ssl-cert ((>= 1.0-11ubuntu1), autopkgtests
+ debian/squid3.upstart
- Move ulimit command to script section so that it applies
to the started squid daemon. Thanks to Timur Irmatov (LP: 986159)
- Work around squid not handling SIGHUP by adding respawn to
upstart job. (LP: 978356)
+ debian/NEWS.Debian: Rename NEWS.debian, add note regarding squid3
transition in 12.04 (LP: 924739)
+ debian/rules
- Re-enable all hardening options lost in the squid->squid3
transition (LP: 986314)
+ squid3.resolvconf, debian/squid3.postinst, debian/squid3.postrm,
debian/squid3.preinst, debian/squid3.prerm:
- Convert init script to upstart
+ debian/patches/99-ubuntu-ssl-cert-snakeoil:
- Use snakeoil certificates.
+ debian/logrotate
- Use sar-reports rather than sarg-maint. (LP: 26616)
+ debian/patches/90-cf.data.ubuntu.dpatch:
- Add an example refresh pattern for debs.
(foundations-lucid-local-report spec)
+ Add disabled by default AppArmor profile (LP: 497790)
- debian/squid3.upstart: load profile in pre-start stanza
- add debian/usr.sbin.squid3 profile
- debian/rules:
+ install debian/usr.sbin.squid3, etc/apparmor.d/force-complain and
etc/apparmor.d/disable into $(INSTALLDIR)
+ use dh_apparmor
- debian/squid3.install: install etc/apparmor.d/disable, force-complain
and usr.sbin.squid3
- debian/squid3.preinst: disable profile on clean install or upgrades
from earlier than when we shipped the profile
+ debian/tests:
- Add autopkgtests.
* d/control: Add dependency package for squid -> squid3 (LP: #1211942).
* d/control: Add dh-apparmor to BD's.
squid3 (3.3.8-1) unstable; urgency=high
* Urgency high due to security fixes
* New upstream release
- Fixes security issues (Closes: #716743)
+ Buffer overflow in HTTP request handling (Ref: SQUID-2013:2,
CVE-2013-4115)
+ DoS in request processing (Ref: SQUID-2013:3, CVE-2013-4123)
- Includes PNG image used in error pages, with new copyright assignement
(Closes: #683255)
* Added /var/run/squid3 dir to host sockets in SMP configuration
(Closes: #710126)
* debian/control
- Bumped Standard-Version to 3.9.4, no change needed
-- James Page <james.p...@ubuntu.com> Wed, 14 Aug 2013 09:03:55 +0100
** Changed in: squid3 (Ubuntu Saucy)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4115
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4123
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/1211942
Title:
Dropped squid transitional package blocks -proposed migration
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1211942/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
