Date: Fri, 23 Dec 2016 02:52:04 +0000 (UTC)
From: Jason Unovitch <junovitch@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r429215 - head/security/vuxml
Message-ID: <201612230252.uBN2q4UR085374@repo.freebsd.org>
Author: junovitch Date: Fri Dec 23 02:52:04 2016 New Revision: 429215 URL: https://svnweb.freebsd.org/changeset/ports/429215 Log: Document information disclosure CVEs in SQUID-2016:10 and SQUID-2016:11 PR: 215416 PR: 215418 Security: CVE-2016-10002 Security: CVE-2016-10003 Security: https://vuxml.FreeBSD.org/freebsd/41f8af15-c8b9-11e6-ae1b-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Dec 23 02:38:07 2016 (r429214) +++ head/security/vuxml/vuln.xml Fri Dec 23 02:52:04 2016 (r429215) 
@@ -58,6 +58,59 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="41f8af15-c8b9-11e6-ae1b-002590263bf5"> + <topic>squid -- multiple vulnerabilities</topic> + <affects> + <package> + <name>squid</name> + <range><ge>3.1</ge><lt>3.5.23</lt></range> + </package> + <package> + <name>squid-devel</name> + <range><ge>4.0</ge><lt>4.0.17</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Squid security advisory 2016:10 reports:</p> + <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"> + <p>Due to incorrect comparsion of request headers Squid can deliver + responses containing private data to clients it should not have + reached.</p> + <p>This problem allows a remote attacker to discover private and + sensitive information about another clients browsing session. + Potentially including credentials which allow access to further + sensitive resources. This problem only affects Squid configured + to use the Collapsed Forwarding feature. It is of particular + importance for HTTPS reverse-proxy sites with Collapsed + Forwarding.</p> + </blockquote> + <p>Squid security advisory 2016:11 reports:</p> + <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2016_11.txt"> + <p>Due to incorrect HTTP conditional request handling Squid can + deliver responses containing private data to clients it should not + have reached.</p> + <p>This problem allows a remote attacker to discover private and + sensitive information about another clients browsing session. 
+ Potentially including credentials which allow access to further + sensitive resources..</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-10002</cvename> + <cvename>CVE-2016-10003</cvename> + <freebsdpr>ports/215416</freebsdpr> + <freebsdpr>ports/215418</freebsdpr> + <url>http://www.squid-cache.org/Advisories/SQUID-2016_10.txt</url> + <url>http://www.squid-cache.org/Advisories/SQUID-2016_11.txt</url> + </references> + <dates> + <discovery>2016-12-16</discovery> + <entry>2016-12-23</entry> + </dates> + </vuln> + <vuln vid="c11629d3-c8ad-11e6-ae1b-002590263bf5"> <topic>vim -- arbitrary command execution</topic> <affects>
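Review bot: the single <affects> block applies the same ranges (squid >= 3.1 and < 3.5.23, squid-devel >= 4.0 and < 4.0.17) to both CVE-2016-10002 and CVE-2016-10003, while the quoted text for advisory 2016:10 says that problem only affects Squid configured to use Collapsed Forwarding. Please confirm against both advisories that the 3.1 lower bound holds for each, and split this into two <vuln> entries if the ranges differ. The <topic> "squid -- multiple vulnerabilities" could name the impact (information disclosure), as the commit log does. Minor: "comparsion" in the first blockquote and the doubled period in "resources..</p>" in the second should either match the upstream advisory text verbatim or be corrected.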