Bug 208939 - www/squid: update to 3.5.17 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054/SQUID-2016:6)
Summary: www/squid: update to 3.5.17 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054/SQUI...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Some People
Assignee: Kurt Jaeger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-20 18:10 UTC by Pavel Timofeev
Modified: 2016-04-21 07:46 UTC (History)
1 user (show)

See Also:
pi: maintainer-feedback+
pi: merge-quarterly+

Attachments
port patch (3.37 KB, patch)
2016-04-20 18:10 UTC, Pavel Timofeev 		timp87: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Timofeev 2016-04-20 18:10:59 UTC 
Created attachment 169499 [details]
port patch

SQUID-2016:6 (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054), Apr 20, 2016
Fixed from 4.0.9, 3.5.17 
Multiple issues in ESI processing

http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
Comment 1 Kurt Jaeger freebsd_committer freebsd_triage 2016-04-20 18:28:59 UTC 
testbuilds@work
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-04-20 18:49:58 UTC 
A commit references this bug:

Author: pi
Date: Wed Apr 20 18:49:29 UTC 2016
New revision: 413697
URL: https://svnweb.freebsd.org/changeset/ports/413697

Log:
  www/squid: 3.5.16 -> 3.5.17

  Changes:
    http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID_3_5_17.html
    http://www.squid-cache.org/Advisories/SQUID-2016_5.txt

  PR:		208939
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  MFH:		2016Q2
  Security:	CVE-2016-4052, CVE-2016-4053, CVE-2016-4054

Changes:
  head/www/squid/Makefile
  head/www/squid/distinfo
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-04-21 02:02:28 UTC 
A commit references this bug:

Author: junovitch
Date: Thu Apr 21 02:01:29 UTC 2016
New revision: 413710
URL: https://svnweb.freebsd.org/changeset/ports/413710

Log:
  Document squid -- multiple vulnerabilities

  PR:		208939
  Reported by:	Pavel Timofeev <timp87@gmail.com>
  Security:	CVE-2016-4054
  Security:	CVE-2016-4053
  Security:	CVE-2016-4052
  Security:	CVE-2016-4051
  Security:	https://vuxml.FreeBSD.org/freebsd/e05bfc92-0763-11e6-94fa-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-04-21 07:44:56 UTC 
A commit references this bug:

Author: pi
Date: Thu Apr 21 07:44:45 UTC 2016
New revision: 413719
URL: https://svnweb.freebsd.org/changeset/ports/413719

Log:
  MFH: r413688 r413697

  www/squid: Add all available official patches up to 14031

  It fixes two annoying and long-standing problems:
  - header forgery detection (using sslbump) leads to crash
  - add chained certificates and signing certificate to
    peek-then-bumped connections.

  PR:		207901
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Reported by:	Christophe Anselme-Moizan <christophe.anselmemoizan@orange.com>

  www/squid: 3.5.16 -> 3.5.17

  Changes:
    http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID_3_5_17.html
    http://www.squid-cache.org/Advisories/SQUID-2016_5.txt

  PR:		208939
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Security:	CVE-2016-4052, CVE-2016-4053, CVE-2016-4054

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/www/squid/Makefile
  branches/2016Q2/www/squid/distinfo
  branches/2016Q2/www/squid/files/patch-src__ip__Intercept.cc