[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 445-2] squid3 regression update

Package        : squid3
Version        : 3.1.6-1.2+squeeze7
CVE ID         : CVE-2016-2569
Debian Bug     : 816601

The backported patch to solve CVE-2016-2569 yielded to failed assertions
that made squid3 to crash when closing connections. The fix for this CVE
strongly relies on exception handling present in more recent versions of
squid3, that I failed to identify in the previous update. I have
reverted the patch to take the safest position, taking into account that
Squeeze users should migrate to a supported version of Debian. This
post-EOL update is intended to keep a functional squid3 package in the

Attachment: signature.asc
Description: Digital signature

Reply to: