Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/www/squid3
From: Matthias Scheler
Date: 2014-10-02 11:59:22
Message id: 20141002095922.2EDCE98@cvs.netbsd.org

Log Message:
Pullup ticket #4512 - requested by taca
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile                                           1.37
- www/squid3/distinfo                                           1.24

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Oct  2 07:33:47 UTC 2014

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Update squid to 3.4.8, a security release resolving several vulnerability
   issues found in the prior Squid releases.

   The major changes to be aware of:

   * CVE-2014-6270 : SQUID-2014:3 Buffer overflow in SNMP processing

     http://www.squid-cache.org/Advisories/SQUID-2014_3.txt

   This vulnerability allows any client who is allowed to send SNMP
   packets to the proxy to perform a denial of service attack on Squid.

   The issue came to light as the result of active 0-day attacks. Since
   publication several other attack sightings have been reported.

   * CVE-2014-7141 and CVE-2014-7142 : SQUID-2014:4

     http://www.squid-cache.org/Advisories/SQUID-2014_4.txt

   These vulnerabilities allow a remote attack server to trigger DoS or
   information leakage by sending various malformed ICMP and ICMPv6
   packets to the Squid pinger helper.
   The worst-case DoS scenario is a rarity, a more common impact will be
   general service degradation for high-performance systems relying on
   the pinger for realtime network measurement.

   All users of Squid are urged to upgrade to this release as soon as
   possible.

   See the ChangeLog for the full list of changes in this and earlier
   releases.

   Please refer to the release notes at
   http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
   when you are ready to make the switch to Squid-3.4

   Upgrade tip:
     "squid -k parse" is starting to display even more
      useful hints about squid.conf changes.

Files:
Revision   Action   File
1.36.2.1   modify   pkgsrc/www/squid3/Makefile
1.23.2.1   modify   pkgsrc/www/squid3/distinfo