This bug was fixed in the package squid - 7.6-2ubuntu1
---------------
squid (7.6-2ubuntu1) stonking; urgency=medium
* Merge with Debian unstable (LP: #2153257). Remaining changes:
- d/usr.sbin.squid: Add sections for squid-deb-proxy and
squidguard
- Use snakeoil certificates:
+ d/control: add ssl-cert to dependencies
+ d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
to the default config file
- d/NEWS: drop the NIS basic auth helper (LP #1895694)
- d/rules: halt build upon test failures.
- d/rules: do not include additional configuration files during
build time tests. This would lead to test failures due to missing
paths.
- d/t/upstream-test-suite: use installed squid binary for
autopkgtest config file checks.
- d/source_squid.py, d/rules: Add apport hook (LP #676141)
* New changes:
- d/p/fix-rust-coreutils-true.patch: fix tests when using rust-coreutils
(LP: #2156186)
* Dropped changes:
- d/squid-openssl.links: fix broken manpage link for squid-openssl.
[ Included in Debian version 7.5-1 ]
- d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
packaging
[ Fixed in Debian version 7.5-1 ]
- debian/patches/CVE-2026-33526.patch: do not escape malformed URI
twice when sending ICP errors in src/icp_v2.cc.
[CVE-2026-33526]
[ Included in upstream version 7.5 ]
- debian/patches/CVE-2026-33515.patch: fix validation of packet sizes
and URLs in src/ICP.h, src/icp_v2.cc, src/icp_v3.cc,
src/tests/stub_icp.cc.
[CVE-2026-33515]
[ Included in upstream version 7.5 ]
- debian/patches/CVE-2026-32748.patch: fix HttpRequest lifetime for ICP
v3 queries in src/ICP.h, src/icp_v2.cc, src/icp_v3.cc,
src/tests/stub_icp.cc.
[CVE-2026-32748]
[ Included in upstream version 7.5 ]
- debian/patches/CVE-2026-47729.patch: Improve parsing of certain FTP
directory listing formats in src/clients/FtpGateway.cc.
[CVE-2026-47729]
[ Included in upstream version 7.6 ]
- debian/patches/CVE-2026-50012.patch: Harden peerDigestSwapInMask against
invalid cache digest reply in src/peer_digest.cc.
[CVE-2026-50012]
[ Included in upstream version 7.6 ]
squid (7.6-2) unstable; urgency=low
[ Amos Jeffries <[email protected]> ]
* debian/rules
- Sort build flags list for easier maintenance.
- Remove obsolete --enable-async-io flag.
- Add entries to document available features.
* Add new external ACL helpers.
[ Luigi Gangitano <[email protected]> ]
* debian/changelog
- Added references to security fixes in 7.6
squid (7.6-1) unstable; urgency=high
[ Amos Jeffries <[email protected]> ]
* New Upstream Release 7.6
- Fixes: CVE-2026-47729, SQUID-2026:4
- Fixes: CVE-2026-50012, SQUID-2026:5
* debian/control
- Bumped Standards-Version to 4.7.4, no change needed
- temporary limit of build to OpenSSL v3
- drop build dependency on XML libraries for removed ESI support
* debian/copyright
- sync with upstream changes
* debian/rules
- Remove workaround for release notes, fixed upstream
* debian/patches/
- refresh for new version
squid (7.5-1) unstable; urgency=high
[ Amos Jeffries <[email protected]> ]
* New Upstream Release 7.5
- Fixes: CVE-2026-33526. SQUID-2026:1
- Fixes: CVE-2026-32748. SQUID-2026:2
- Fixes: CVE-2026-33515. SQUID-2026:3
* debian/squid.logrotate
- silence debug output on automated log rotation (Closes: #1128104)
* debian/rules
- workaround missing upstream release notes
- polish cleanup process for built files
* debian/debian.conf
- add refresh_pattern rules for old repositories
[ Renan Rodrigo Barbosa <[email protected]> ]
* debian/squid-openssl.links
- Fix broken manpage link for squid-openssl (Closes: #1121453)
squid (7.4-1) unstable; urgency=medium
[ Amos Jeffries <[email protected]> ]
* New Upstream Release 7.4
* debian/control
- Bumped Standards-Version to 4.7.3
- Remove Priority field
* debian/patches/
- removed patches included upstream
-- Renan Rodrigo <[email protected]> Tue, 30 Jun 2026 16:55:05 -0300
** Changed in: squid (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2026-32748
** CVE added: https://cve.org/CVERecord?id=CVE-2026-33515
** CVE added: https://cve.org/CVERecord?id=CVE-2026-33526
** CVE added: https://cve.org/CVERecord?id=CVE-2026-47729
** CVE added: https://cve.org/CVERecord?id=CVE-2026-50012
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2153257
Title:
Merge squid from Debian for stonking cycle
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/2153257/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs