
[SECURITY] [DLA 1280-1] pound security update




Package        : pound
Version        : 2.6-2+deb7u2
CVE ID         : CVE-2016-10711
Debian Bug     : 888786

A request smuggling vulnerability was discovered in pound that may allow
attackers to send a specially crafted HTTP request to a web server or
reverse proxy while pound may see a different set of requests.
This facilitates several possible exploitations, such as partial cache
poisoning, bypassing firewall protection and XSS.

For Debian 7 "Wheezy", these problems have been fixed in version
2.6-2+deb7u2.

We recommend that you upgrade your pound packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

