enterprise-support team mailing list archive

Thread
Date

[Bug 2073322] Re: Upstream microrelease 6.10

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <2073322@xxxxxxxxxxxxxxxxxx>
Date: Fri, 13 Sep 2024 03:49:10 -0000
Reply-to: Bug 2073322 <2073322@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This bug was fixed in the package squid - 6.10-1ubuntu1

---------------
squid (6.10-1ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2073322). Remaining changes:
    - d/usr.sbin.squid: Add sections for squid-deb-proxy and
      squidguard
    - d/p/90-cf.data.ubuntu.patch: Add refresh patterns for deb
      packaging
    - Use snakeoil certificates:
      + d/control: add ssl-cert to dependencies
      + d/p/99-ubuntu-ssl-cert-snakeoil.patch: add a note about ssl
        to the default config file
    - d/NEWS: drop the NIS basic auth helper (LP #1895694)
    - d/p/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch:
      Fix FTBFS due to -Werror=alloc-size-larger-than on GCC 12.
    - d/rules: halt build upon test failures.
    - d/rules: do not include additional configuration files during
      build time tests. This would lead to test failures due to missing
      paths.
    - d/t/upstream-test-suite: use installed squid binary for
      autopkgtest config file checks.
    - d/p/0010-Fix-Werror-sign-compare-on-GCC-13.patch: fix comparison
      between signed and unsigned values.
    - d/rules: disable LTO related compilation errors for ppc64el builds.
    - d/source_squid.py, d/rules: Add apport hook (LP #676141)
  * Dropped changes:
    - d/t/upstream-test-suite: adjust autopkgtests following dpkg
      changes enabling ELF metadata. (LP #2071468)
      [ LP bug fixed in dpkg,binutils ]
    - SECURITY UPDATE: DoS in ESI processing using multi-byte characters
      + debian/patches/CVE-2024-37894.patch: fix variable datatype to handle
        variables names outside standard ASCII characters
      + CVE-2024-37894
      [ Fixed in 6.10 ]

squid (6.10-1) unstable; urgency=high

  [ Amos Jeffries <amosjeffries@xxxxxxxxxxxxxxx> ]
  * New Upstream Release 6.10
    Fixes: CVE-2024-37894. SQUID-2024:3 (Closes: #1074284)

 -- Renan Rodrigo <renanrodrigo@xxxxxxxxxxxxx>  Thu, 12 Sep 2024
16:23:16 -0300

** Changed in: squid (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-37894

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2073322

Title:
  Upstream microrelease 6.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/2073322/+subscriptions

References

[Bug 2073322] [NEW] Backport of squid for focal, jammy and noble
From: Bryce Harrington, 2024-07-17