-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : pound Version : 2.6-2+deb7u2 CVE ID : CVE-2016-10711 Debian Bug : 888786
A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted http request to a web server or reverse proxy while pound may see a different set of requests. This facilitates several possible exploitations, such as partial cache poisoning, bypassing firewall protection and XSS. For Debian 7 "Wheezy", these problems have been fixed in version 2.6-2+deb7u2. We recommend that you upgrade your pound packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqCIChfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSemg/9HWe6MOlsUrsEASuId82J1pdqa5Ie0irz1XPqmBqci2GCX2Brbil427Jd qu7XcPa52zRmvlI4GTOGflnQGA7f5yMl5F1H5fggr1qGVyToibD/8RRX1hkcFM7W XKFChPqiIW/z9QbYZCkcn4VBPleWDrR2Y/dXfx1glh7qa/u0Z4J/JRELFXT765sn okYmMXY4eiL1BHqVMk5gweedWZhMntJfxHniBgHMBHE/HZl9+qBP/DTPb5sFftkv frjJkjRriPAfpRisIxKdhta8PQDHIHC2Ti1RnvC4Q/U5aSMN7EeptUaDw7VRvzAV eoSh/MZ7Whs+Mo5C/3ESlO3wFAXuEsuzDFAb+WW6MP8HxZmxBrK7DoM1EhWPkALH BsGMKGJVPq3j15w/DhDbflvlhi/30NOqhDLIt6Rfn10xY4cQCiyxr5M1mOkPlm/w 8su0n1wqnjU0HWVuMURgNo/5X55MGZeQwa89fStTbCZD94IjBaUVyKBi1aNvzygX 5eKESXUxZifgSmpCwppgUg3FLqMT8IvLx9NrvGqcXhgoGciywRehP9otmHUl9M0L dNzHgYjbxphaOyo79VCMqFxQ8MSDHuvJKyXO9gmBtuqbx8BGbNiPNlCIAnpm7g3L kVdbpYFmkj5GIEh+6VGv1TiVtxoi3J+UthtalE7D9UQNF6knjSQ= =575O -----END PGP SIGNATURE-----