---
- branch: pkgsrc-2014Q3
  date: Thu Oct  2 09:59:22 UTC 2014
  files:
  - new: 1.36.2.1
    old: '1.36'
    path: pkgsrc/www/squid3/Makefile
    pathrev: pkgsrc/www/squid3/Makefile@1.36.2.1
    type: modified
  - new: 1.23.2.1
    old: '1.23'
    path: pkgsrc/www/squid3/distinfo
    pathrev: pkgsrc/www/squid3/distinfo@1.23.2.1
    type: modified
  id: 20141002T095922Z.f57f938e1472815db804a8213bafe0f5c0621db0
  log: "Pullup ticket #4512 - requested by taca\nwww/squid3: security update\n\nRevisions
    pulled up:\n- www/squid3/Makefile                                           1.37\n-
    www/squid3/distinfo                                           1.24\n\n---\n   Module
    Name:\tpkgsrc\n   Committed By:\ttaca\n   Date:\t\tThu Oct  2 07:33:47 UTC 2014\n\n
    \  Modified Files:\n   \tpkgsrc/www/squid3: Makefile distinfo\n\n   Log Message:\n
    \  Update squid to 3.4.8, a security release resolving several vulnerability\n
    \  issues found in the prior Squid releases.\n\n   The major changes to be aware
    of:\n\n   * CVE-2014-6270 : SQUID-2014:3 Buffer overflow in SNMP processing\n\n
    \    http://www.squid-cache.org/Advisories/SQUID-2014_3.txt\n\n   This vulnerability
    allows any client who is allowed to send SNMP\n   packets to the proxy to perform
    a denial of service attack on Squid.\n\n   The issue came to light as the result
    of active 0-day attacks. Since\n   publication several other attack sightings
    have been reported.\n\n   * CVE-2014-7141 and CVE-2014-7142 : SQUID-2014:4\n\n
    \    http://www.squid-cache.org/Advisories/SQUID-2014_4.txt\n\n   These vulnerabilities
    allow a remote attack server to trigger DoS or\n   information leakage by sending
    various malformed ICMP and ICMPv6\n   packets to the Squid pinger helper.\n   The
    worst-case DoS scenario is a rarity, a more common impact will be\n   general
    service degradation for high-performance systems relying on\n   the pinger for
    realtime network measurement.\n\n    All users of Squid are urged to upgrade to
    this release as soon as\n   possible.\n\n    See the ChangeLog for the full list
    of changes in this and earlier\n    releases.\n\n   Please refer to the release
    notes at\n   http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html\n   when
    you are ready to make the switch to Squid-3.4\n\n   Upgrade tip:\n     \"squid
    -k parse\" is starting to display even more\n      useful hints about squid.conf
    changes.\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2014Q3] pkgsrc/www/squid3'
  unixtime: '1412243962'
  user: tron