Bug 209334 - www/squid(-devel)?: update to latest version (multiple vulnerabilities)
Summary: www/squid(-devel)?: update to latest version (multiple vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Matthew Seaman
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-06 16:18 UTC by timp87
Modified: 2016-05-11 15:13 UTC (History)
1 user (show)

See Also:


Attachments
www/squid patch (1017 bytes, patch)
2016-05-11 09:43 UTC, timp87
timp87: maintainer-approval+
Details | Diff
www/squid-devel patch (1017 bytes, patch)
2016-05-11 09:59 UTC, timp87
timp87: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description timp87 2016-05-06 16:18:20 UTC
Here is a list obtained here http://www.squid-cache.org/Advisories/:
  SQUID-2016:9, May 06, 2016
    Fixed from 4.0.10, 3.5.18 
    Multiple Denial of Service issues in ESI Response processing.
  SQUID-2016:8, May 06, 2016
    Fixed from 4.0.10, 3.5.18 
    Header smuggling issue in HTTP Request processing.
  SQUID-2016:7, May 06, 2016
    Fixed from 4.0.10, 3.5.18 
    Cache poisoning issue in HTTP Request handling.


I'll provide patches a bit later.
Comment 1 commit-hook freebsd_committer 2016-05-07 11:56:56 UTC
A commit references this bug:

Author: matthew
Date: Sat May  7 11:56:27 UTC 2016
New revision: 414774
URL: https://svnweb.freebsd.org/changeset/ports/414774

Log:
  Document three security advisories for the squid and squid-devel
  ports.  CVE numbers are not yet available.

  PR:		209334
  Submitted by:	timp87@gmail.com (maintainer)

Changes:
  head/security/vuxml/vuln.xml
Comment 2 timp87 2016-05-11 09:43:15 UTC
Created attachment 170203 [details]
www/squid patch
Comment 3 timp87 2016-05-11 09:59:30 UTC
Created attachment 170207 [details]
www/squid-devel patch
Comment 4 timp87 2016-05-11 10:06:14 UTC
Please, note CVE numbers are available now
Comment 5 Matthew Seaman freebsd_committer 2016-05-11 10:54:07 UTC
CVE Numbers have already been added to vuln.xml
Comment 6 commit-hook freebsd_committer 2016-05-11 12:57:01 UTC
A commit references this bug:

Author: matthew
Date: Wed May 11 12:56:26 UTC 2016
New revision: 414987
URL: https://svnweb.freebsd.org/changeset/ports/414987

Log:
  Security update to 3.5.19

  PR:		209334
  Submitted by:	timp87@gmail.com (maintainer)
  Security:	25e5205b-1447-11e6-9ead-6805ca0b3d42

Changes:
  head/www/squid/Makefile
  head/www/squid/distinfo
Comment 7 commit-hook freebsd_committer 2016-05-11 13:44:08 UTC
A commit references this bug:

Author: matthew
Date: Wed May 11 13:43:44 UTC 2016
New revision: 414993
URL: https://svnweb.freebsd.org/changeset/ports/414993

Log:
  Security update to 4.0.10

  PR:		209334
  Submitted by:	timp87@gmail.com (maintainer)
  MFH:		2016Q2
  Security:	25e5205b-1447-11e6-9ead-6805ca0b3d42

Changes:
  head/www/squid-devel/Makefile
  head/www/squid-devel/distinfo
Comment 8 commit-hook freebsd_committer 2016-05-11 15:08:29 UTC
A commit references this bug:

Author: matthew
Date: Wed May 11 15:07:26 UTC 2016
New revision: 415007
URL: https://svnweb.freebsd.org/changeset/ports/415007

Log:
  MFH: r414987

  Security update to 3.5.19

  PR:		209334
  Submitted by:	timp87@gmail.com (maintainer)
  Security:	25e5205b-1447-11e6-9ead-6805ca0b3d42

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2016Q2/
  branches/2016Q2/www/squid/Makefile
  branches/2016Q2/www/squid/distinfo
Comment 9 Matthew Seaman freebsd_committer 2016-05-11 15:13:42 UTC
Can't do a MFH for www/squid-devel sine that port is newer than the 2016Q2 branch.

Other than that: all committed, thanks!