Format: 1.8
Date: Tue, 05 Mar 2024 23:14:44 +0100
Source: squid
Binary: squid squid-cgi squid-cgi-dbgsym squid-dbgsym squid-openssl squid-openssl-dbgsym squid-purge squid-purge-dbgsym squidclient squidclient-dbgsym
Architecture: i386
Version: 5.7-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Markus Koschany
Description:
 squid - Full featured Web Proxy cache (HTTP proxy GnuTLS flavour)
 squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI
 squid-openssl - Full featured Web Proxy cache (HTTP proxy OpenSSL flavour)
 squid-purge - Full featured Web Proxy cache (HTTP proxy) - cache management uti
 squidclient - Full featured Web Proxy cache (HTTP proxy) - HTTP(S) message util
Changes:
 squid (5.7-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-46724, CVE-2023-46846, CVE-2023-46847, CVE-2023-46848,
     CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-23638,
     CVE-2024-25111, CVE-2024-25617.
   * Several security vulnerabilities have been discovered in Squid, a full
     featured web proxy cache. Due to programming errors in Squid's HTTP
     request parsing, remote attackers may be able to execute a denial of
     service attack by sending large X-Forwarded-For header or trigger a
     stack buffer overflow while performing HTTP Digest authentication.
     Other issues facilitate request smuggling past a firewall or a denial
     of service against Squid's Helper process management.
     In regard to CVE-2023-46728: Please note that support for the Gopher
     protocol has simply been removed in future Squid versions. There are no
     plans by the upstream developers of Squid to fix this issue. We
     recommend to reject all Gopher URL requests instead.