enterprise-support team mailing list archive

Thread
Date

[Bug 1946903] Re: Merge squid from Debian unstable for 22.04

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1946903@xxxxxxxxxxxxxxxxxx>
Date: Sun, 07 Nov 2021 19:33:27 -0000
Reply-to: Bug 1946903 <1946903@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This bug was fixed in the package squid - 5.2-1ubuntu1

---------------
squid (5.2-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946903). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/rules, d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/expand-max-pkt-sz-accomodate-icmphdr.patch: Expand
        MAX_PKT{4,6}_SZ to accomodate for icmp{,6_}hdr.
      + d/p/workaround-gcc11-wstringop-overread-bug.patch: Workaround
        GCC 11 -Wstringop-overread bug.
  * Dropped changes:
    - d/p/0008-Fix-free-nonheap-object-warning-error-on-snmp_core.c.patch:
      Fix call to free on nonheap-object in snmpCreateOidFromStr
      [ Incorporated by upstream. ]
    - Fix failure to build on RISC-V (LP #1934891)
      [ Incorporated by upstream. ]
    - SECURITY UPDATE: information disclosure via OOB read in WCCP protocol
      + debian/patches/CVE-2021-28116.patch: validate packets better in
        src/wccp2.cc.
      + CVE-2021-28116
      [ Incorporated by upstream. ]
    - Fix FTBFS with GCC 11 (LP #1939352)
      + d/p/replace-cbdata-offset-hack-with-offsetof.patch: Replace
        cbdata::Offset hack with offsetof().
      + d/p/add-missing-limits-include-connmark.patch: Add missing
        <limits> include to src/acl/ConnMark.cc.
      [ Incorporated by upstream.  This is a partial drop; the other
        two patches that compose this fix are still present in this
        release. ]

 -- Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>  Mon, 01 Nov
2021 18:19:59 -0400

** Changed in: squid (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28116

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1946903

Title:
  Merge squid from Debian unstable for 22.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1946903/+subscriptions

References

[Bug 1946903] [NEW] Merge squid from Debian unstable for 22.04
From: Bryce Harrington, 2021-10-13