-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 29 Apr 2020 19:03:02 +0200 Source: pound Binary: pound Architecture: source amd64 Version: 2.6-6+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Brett Parker <idu...@sommitrealweird.co.uk> Changed-By: Thorsten Alteholz <deb...@alteholz.de> Description: pound - reverse proxy, load balancer and HTTPS front-end for Web servers Changes: pound (2.6-6+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2016-10711 A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted http request to a web server or reverse proxy while pound may see a different set of requests. This facilitates several possible exploitations, such as partial cache poisoning, bypassing firewall protection and XSS. Checksums-Sha1: d256af44f2fb9c9e79a12c3a7786e807229b6509 1914 pound_2.6-6+deb8u2.dsc 91ba84c6db579b06dc82fceb790e55e344b1dc40 180595 pound_2.6.orig.tar.gz ddc634cdd7d6e91cbe91d6b74346eee981a167e9 16000 pound_2.6-6+deb8u2.debian.tar.xz 95f146d3e6ce38b1a370c9f0ffce7ad83533fa7c 103154 pound_2.6-6+deb8u2_amd64.deb Checksums-Sha256: b36e7a5e06cbf5458a1d97cb5b25b9dc41509567dfe6b74cf28dddf834024835 1914 pound_2.6-6+deb8u2.dsc 0ad25e3652e22117abbc17a70b5d8913e05991318a5506bc7437e662616fdf21 180595 pound_2.6.orig.tar.gz be119df05c7427e344eaf77e025bdea2ac6a35971b3dbff51e840dbf16e2accc 16000 pound_2.6-6+deb8u2.debian.tar.xz 9bf22cd5582ce25115ec74b4dc8fe7afa438cbfc92517ddeb8704ce2ed241a12 103154 pound_2.6-6+deb8u2_amd64.deb Files: 902b8359f06754fe24e5ca5b23fbe24e 1914 net extra pound_2.6-6+deb8u2.dsc 8c913b527332694943c4c67c8f152071 180595 net extra pound_2.6.orig.tar.gz 72319580b182ec82e47fc17bf9dd8c02 16000 net extra pound_2.6-6+deb8u2.debian.tar.xz 2382a445b4fd9a0c5167b64062477136 103154 net extra pound_2.6-6+deb8u2_amd64.deb
-----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl6qeDVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR077D/4z4YcYKm4Mzoci09W/hdAQUVuQ78+r VpZAK9N3YOFEV9JgV49EZmsLjwWv9vE/n00GUenM30GIGFcM94ZaPI14xh23RDla p7bdCNAhtX+Qzd4kEHhkjvVeScfOyT3diEtNNrL55x3Zi0iVWz3TbZO5dQvcjqsb 9BSzqlVoqQ+t8+PR7ebjB5s97Fo/NC9d0z3F2fzYhy02yJtf1veYI7A7+bhiaKiD wVt9BpMsewDZcNH1Qo+JqLxGZI4qyA4AeglAZ2RpVkPp3lyUsYDj+V6lk6UZJVdO i5IO4GcROocFtOXZyWKkjAnEhwWsvwYuWTvwqUVGvgbxRqhxhycG7HxRQZ1mivcx S+cqwWr3MZBCgXZYp3DiZeeOAUm46V0W170CLReXh3MSVwYMdvpQ3WrFCL5UhWUW DLgDSuQmYlL1lgBpqbFE0tLSUooWc8/Nqu7zYsdhcoI+oHFKJw4TGG2+Jo9M78GH klCMVM/MwimsVy/8e0f++wUy9X5F7AuZL4KbHwHuGOiF6gu99yy+LCVZrK1WIP0y gyxZ3CCxf6xbkid8e91RWBz77bfvbtECg4dsx1bIyOFcdxPxrLVvAc47wSN17/qX 546bWP7j24mKFmQ+nAKDEaPa7RcjbXHU7CexV7pbON9Z9V9Az8qVkWRMQltFdpHg y0fNZP0JBHouRQ== =ZfWD -----END PGP SIGNATURE-----