PublicDateAtUSN: 2016-04-25
Candidate: CVE-2016-4054
PublicDate: 2016-04-25 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054
 https://marc.info/?l=oss-security&m=146116724827962&w=2
 https://ubuntu.com/security/notices/USN-2995-1
Description:
 Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows
 remote attackers to execute arbitrary code via crafted Edge Side Includes
 (ESI) responses.
Ubuntu-Description:
Notes:
 mdeslaur> same patches as CVE-2016-4052
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_squid3:
upstream_squid3: released (3.5.17-1)
precise_squid3: released (3.1.19-1ubuntu3.12.04.7)
trusty_squid3: released (3.3.8-1ubuntu6.8)
trusty/esm_squid3: DNE (trusty was released [3.3.8-1ubuntu6.8])
vivid/stable-phone-overlay_squid3: DNE
vivid/ubuntu-core_squid3: DNE
wily_squid3: released (3.3.8-1ubuntu16.3)
xenial_squid3: released (3.5.12-1ubuntu7.2)
esm-infra/xenial_squid3: released (3.5.12-1ubuntu7.2)
devel_squid3: released (3.5.12-1ubuntu8)