Bug 208939 - www/squid: update to 3.5.17 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054/SQUID-2016:6)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: amd64 Any
Importance: --- Affects Some People
Assignee: Kurt Jaeger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-20 18:10 UTC by timp87
Modified: 2016-04-21 07:46 UTC

See Also:
pi: maintainer-feedback+
pi: merge-quarterly+


Attachments
port patch (3.37 KB, patch)
2016-04-20 18:10 UTC, timp87
timp87: maintainer-approval+

Description timp87 2016-04-20 18:10:59 UTC
Created attachment 169499
port patch

SQUID-2016:6 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054), Apr 20, 2016
Fixed from 4.0.9, 3.5.17 
Multiple issues in ESI processing

http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
Comment 1 Kurt Jaeger freebsd_committer 2016-04-20 18:28:59 UTC
testbuilds@work
Comment 2 commit-hook freebsd_committer 2016-04-20 18:49:58 UTC
A commit references this bug:

Author: pi
Date: Wed Apr 20 18:49:29 UTC 2016
New revision: 413697
URL: https://svnweb.freebsd.org/changeset/ports/413697

Log:
  www/squid: 3.5.16 -> 3.5.17

  Changes:
    http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID_3_5_17.html
    http://www.squid-cache.org/Advisories/SQUID-2016_5.txt

  PR:		208939
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  MFH:		2016Q2
  Security:	CVE-2016-4052, CVE-2016-4053, CVE-2016-4054

Changes:
  head/www/squid/Makefile
  head/www/squid/distinfo
Comment 3 commit-hook freebsd_committer 2016-04-21 02:02:28 UTC
A commit references this bug:

Author: junovitch
Date: Thu Apr 21 02:01:29 UTC 2016
New revision: 413710
URL: https://svnweb.freebsd.org/changeset/ports/413710

Log:
  Document squid -- multiple vulnerabilities

  PR:		208939
  Reported by:	Pavel Timofeev <timp87@gmail.com>
  Security:	CVE-2016-4054
  Security:	CVE-2016-4053
  Security:	CVE-2016-4052
  Security:	CVE-2016-4051
  Security:	https://vuxml.FreeBSD.org/freebsd/e05bfc92-0763-11e6-94fa-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 commit-hook freebsd_committer 2016-04-21 07:44:56 UTC
A commit references this bug:

Author: pi
Date: Thu Apr 21 07:44:45 UTC 2016
New revision: 413719
URL: https://svnweb.freebsd.org/changeset/ports/413719

Log:
  MFH: r413688 r413697

  www/squid: Add all available official patches up to 14031

  It fixes two annoying and long-standing problems:
  - header forgery detection (using sslbump) leads to crash
  - add chained certificates and signing certificate to
    peek-then-bumped connections.

  PR:		207901
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Reported by:	Christophe Anselme-Moizan <christophe.anselmemoizan@orange.com>

  www/squid: 3.5.16 -> 3.5.17

  Changes:
    http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID_3_5_17.html
    http://www.squid-cache.org/Advisories/SQUID-2016_5.txt

  PR:		208939
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Security:	CVE-2016-4052, CVE-2016-4053, CVE-2016-4054

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/www/squid/Makefile
  branches/2016Q2/www/squid/distinfo
  branches/2016Q2/www/squid/files/patch-src__ip__Intercept.cc