Overview

File _patchinfo of Package patchinfo.3919

<patchinfo incident="3919">
  <issue id="1016168" tracker="bnc">VUL-0: CVE-2016-10002: squid: Incorrect processing of responses to If-None-Modified HTTP conditional requests</issue>
  <issue id="949942" tracker="bnc">VUL-0: CVE-2014-9749: squid,squid3: Nonce replay vulnerability in Digest authentication</issue>
  <issue id="2016-10002" tracker="cve" />
  <issue id="2014-9749" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>adamm</packager>
  <description>
This update for squid fixes the following issues:

- CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168)
- CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942)
</description>
  <summary>Security update for squid</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places