This bug was fixed in the package squid - 7.6-2ubuntu1

---------------
squid (7.6-2ubuntu1) stonking; urgency=medium

  * Merge with Debian unstable (LP: #2153257). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
    - d/source_squid.py, d/rules: Add apport hook (LP #676141)
  * New changes:
    - d/p/fix-rust-coreutils-true.patch: fix tests when using rust-coreutils
      (LP: #2156186)
  * Dropped changes:
    - d/squid-openssl.links: fix broken manpage link for squid-openssl.
      [ Included in Debian version 7.5-1 ]
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
      [ Fixed in Debian version 7.5-1 ]
    - debian/patches/CVE-2026-33526.patch: do not escape malformed URI
      twice when sending ICP errors in src/icp_v2.cc.
      [CVE-2026-33526]
      [ Included in upstream version 7.5 ]
    - debian/patches/CVE-2026-33515.patch: fix validation of packet sizes
      and URLs in src/ICP.h, src/icp_v2.cc, src/icp_v3.cc,
      src/tests/stub_icp.cc.
      [CVE-2026-33515]
      [ Included in upstream version 7.5 ]
    - debian/patches/CVE-2026-32748.patch: fix HttpRequest lifetime for ICP
      v3 queries in src/ICP.h, src/icp_v2.cc, src/icp_v3.cc,
      src/tests/stub_icp.cc.
      [CVE-2026-32748]
      [ Included in upstream version 7.5 ]
    - debian/patches/CVE-2026-47729.patch: Improve parsing of certain FTP
      directory listing formats in src/clients/FtpGateway.cc.
      [CVE-2026-47729]
      [ Included in upstream version 7.6 ]
    - debian/patches/CVE-2026-50012.patch: Harden peerDigestSwapInMask against
      invalid cache digest reply in src/peer_digest.cc.
      [CVE-2026-50012]
      [ Included in upstream version 7.6 ]

squid (7.6-2) unstable; urgency=low

  [ Amos Jeffries <[email protected]> ]
  * debian/rules
    - Sort build flags list for easier maintenance.
    - Remove obsolete --enable-async-io flag.
    - Add entries to document available features.

  * Add new external ACL helpers.

  [ Luigi Gangitano <[email protected]> ]
  * debian/changelog
    - Added references to security fixes in 7.6

squid (7.6-1) unstable; urgency=high

  [ Amos Jeffries <[email protected]> ]
  * New Upstream Release 7.6
    - Fixes: CVE-2026-47729, SQUID-2026:4
    - Fixes: CVE-2026-50012, SQUID-2026:5

  * debian/control
    - Bumped Standards-Version to 4.7.4, no change needed
    - temporary limit of build to OpenSSL v3
    - drop build dependency on XML libraries for removed ESI support

  * debian/copyright
    - sync with upstream changes

  * debian/rules
    - Remove workaround for release notes, fixed upstream

  * debian/patches/
    - refresh for new version

squid (7.5-1) unstable; urgency=high

  [ Amos Jeffries <[email protected]> ]
  * New Upstream Release 7.5
    - Fixes: CVE-2026-33526. SQUID-2026:1
    - Fixes: CVE-2026-32748. SQUID-2026:2
    - Fixes: CVE-2026-33515. SQUID-2026:3

  * debian/squid.logrotate
    - silence debug output on automated log rotation (Closes: #1128104)

  * debian/rules
    - workaround missing upstream release notes
    - polish cleanup process for built files

  * debian/debian.conf
    - add refresh_pattern rules for old repositories

  [ Renan Rodrigo Barbosa <[email protected]> ]
  * debian/squid-openssl.links
    - Fix broken manpage link for squid-openssl (Closes: #1121453)

squid (7.4-1) unstable; urgency=medium

  [ Amos Jeffries <[email protected]> ]
  * New Upstream Release 7.4

  * debian/control
    - Bumped Standards-Version to 4.7.3
    - Remove Priority field

  * debian/patches/
    - removed patches included upstream

 -- Renan Rodrigo <[email protected]>  Tue, 30 Jun 2026 16:55:05 -0300

** Changed in: squid (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2026-32748

** CVE added: https://cve.org/CVERecord?id=CVE-2026-33515

** CVE added: https://cve.org/CVERecord?id=CVE-2026-33526

** CVE added: https://cve.org/CVERecord?id=CVE-2026-47729

** CVE added: https://cve.org/CVERecord?id=CVE-2026-50012

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2153257

Title:
  Merge squid from Debian for stonking cycle

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/2153257/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to