RFH: fixing some squid2 remaining open bugs. (was: Should we give security support for squid when wheezy also has squid3?)

To: Debian LTS <debian-lts@lists.debian.org>
Subject: RFH: fixing some squid2 remaining open bugs. (was: Should we give security support for squid when wheezy also has squid3?)
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Sun, 3 Jul 2016 11:42:03 +0200
Message-id: <[🔎] 20160703094203.GB30931@riseup.net>

(Sorry if you finally receive this twice. I have had issues sending
mail)

Hi,

I have pushed in collab-maint a repo for a next squid2 release, that
includes the fix for CVE-2016-4554:

https://anonscm.debian.org/cgit/collab-maint/debian-lts/squid.git/

I would need help to address some bugs, that require substantial
backporting:

* CVE-2016-4051
* CVE-2015-5400

Also a no-dsa bug that impacts squid3 too:

* CVE-2016-3948

I think it would be great to have some help from upstream to fix those
bugs. We could consider funding for that?

Cheers,

Santiago

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: RFH: fixing some squid2 remaining open bugs. (was: Should we give security support for squid when wheezy also has squid3?)
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: sqlite3 package and debdiff [new-ish contributor, second attempt]
Next by Date: Re: [Pkg-clamav-devel] ClamAV Package on Wheezy
Previous by thread: Re: sqlite3 package and debdiff [new-ish contributor, second attempt]
Next by thread: Re: RFH: fixing some squid2 remaining open bugs. (was: Should we give security support for squid when wheezy also has squid3?)
Index(es):
- Date
- Thread