squid3 (3.5.12-1ubuntu7.10) xenial-security; urgency=medium
* SECURITY UPDATE: info disclosure via FTP server
- debian/patches/CVE-2019-12528.patch: fix FTP buffers handling in
src/clients/FtpGateway.cc.
- CVE-2019-12528
* SECURITY UPDATE: incorrect input validation and buffer management
- debian/patches/CVE-2020-84xx-1.patch: ignore malformed Host header in
intercept and reverse proxy mode in src/client_side.cc.
- debian/patches/CVE-2020-84xx-2.patch: fix request URL generation in
reverse proxy configurations in src/client_side.cc.
- debian/patches/CVE-2020-84xx-3.patch: fix security patch in
src/client_side.cc.
- CVE-2020-8449
- CVE-2020-8450
* SECURITY UPDATE: DoS in NTLM authentication
- debian/patches/CVE-2020-8517.patch: improved username handling in
helpers/external_acl/LM_group/ext_lm_group_acl.cc.
- CVE-2020-8517
Date: 2020-02-19 19:23:15.762451+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/squid3/3.5.12-1ubuntu7.10
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
