Bug 209334

Summary: www/squid(-devel)?: update to latest version (multiple vulnerabilities)
Product: Ports & Packages
Reporter: Pavel Timofeev <timp87>
Component: Individual Port(s)
Assignee: Matthew Seaman <matthew>
Status: Closed FIXED
Severity: Affects Only Me
CC: matthew
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Attachments (Description, Flags):
  www/squid patch, timp87: maintainer-approval+
  www/squid-devel patch, timp87: maintainer-approval+

Description Pavel Timofeev 2016-05-06 16:18:20 UTC
Here is a list obtained here http://www.squid-cache.org/Advisories/:
  SQUID-2016:9, May 06, 2016
    Fixed from 4.0.10, 3.5.18 
    Multiple Denial of Service issues in ESI Response processing.
  SQUID-2016:8, May 06, 2016
    Fixed from 4.0.10, 3.5.18 
    Header smuggling issue in HTTP Request processing.
  SQUID-2016:7, May 06, 2016
    Fixed from 4.0.10, 3.5.18 
    Cache poisoning issue in HTTP Request handling.


I'll provide patches a bit later.
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-05-07 11:56:56 UTC
A commit references this bug:

Author: matthew
Date: Sat May  7 11:56:27 UTC 2016
New revision: 414774
URL: https://svnweb.freebsd.org/changeset/ports/414774

Log:
  Document three security advisories for the squid and squid-devel
  ports.  CVE numbers are not yet available.

  PR:		209334
  Submitted by:	timp87@gmail.com (maintainer)

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Pavel Timofeev 2016-05-11 09:43:15 UTC
Created attachment 170203
www/squid patch
Comment 3 Pavel Timofeev 2016-05-11 09:59:30 UTC
Created attachment 170207
www/squid-devel patch
Comment 4 Pavel Timofeev 2016-05-11 10:06:14 UTC
Please note that CVE numbers are available now.
Comment 5 Matthew Seaman freebsd_committer freebsd_triage 2016-05-11 10:54:07 UTC
CVE Numbers have already been added to vuln.xml
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-05-11 12:57:01 UTC
A commit references this bug:

Author: matthew
Date: Wed May 11 12:56:26 UTC 2016
New revision: 414987
URL: https://svnweb.freebsd.org/changeset/ports/414987

Log:
  Security update to 3.5.19

  PR:		209334
  Submitted by:	timp87@gmail.com (maintainer)
  Security:	25e5205b-1447-11e6-9ead-6805ca0b3d42

Changes:
  head/www/squid/Makefile
  head/www/squid/distinfo
Comment 7 commit-hook freebsd_committer freebsd_triage 2016-05-11 13:44:08 UTC
A commit references this bug:

Author: matthew
Date: Wed May 11 13:43:44 UTC 2016
New revision: 414993
URL: https://svnweb.freebsd.org/changeset/ports/414993

Log:
  Security update to 4.0.10

  PR:		209334
  Submitted by:	timp87@gmail.com (maintainer)
  MFH:		2016Q2
  Security:	25e5205b-1447-11e6-9ead-6805ca0b3d42

Changes:
  head/www/squid-devel/Makefile
  head/www/squid-devel/distinfo
Comment 8 commit-hook freebsd_committer freebsd_triage 2016-05-11 15:08:29 UTC
A commit references this bug:

Author: matthew
Date: Wed May 11 15:07:26 UTC 2016
New revision: 415007
URL: https://svnweb.freebsd.org/changeset/ports/415007

Log:
  MFH: r414987

  Security update to 3.5.19

  PR:		209334
  Submitted by:	timp87@gmail.com (maintainer)
  Security:	25e5205b-1447-11e6-9ead-6805ca0b3d42

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/www/squid/Makefile
  branches/2016Q2/www/squid/distinfo
Comment 9 Matthew Seaman freebsd_committer freebsd_triage 2016-05-11 15:13:42 UTC
Can't do a MFH for www/squid-devel since that port is newer than the 2016Q2 branch.

Other than that: all committed, thanks!