Package: apt-cacher-ng / 2-2

Metadata

Package Version Patches format
apt-cacher-ng 2-2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
debian changes | (download)

source/fileio.cc | 2 1 + 1 - 0 !
source/job.cc | 4 1 + 3 - 0 !
source/tcpconnect.cc | 10 9 + 1 - 0 !
3 files changed, 11 insertions(+), 5 deletions(-)

 <short summary of the patch>
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 apt-cacher-ng (2-2) testing; urgency=high
 .
   * Special version only for Debian Stretch, solving moderate security issues:
     + hardening against HTTP header splitting attack (no user input printed in
       the HTTP headers anymore; backport from Sid, related to CVE-2017-7443)
     + hardening against unintended or malicious triggering of hidden space
       allocation, by disabling the fallocate completely. This is ultima ratio,
       trading code simplicity for fragmentation avoiding efforts; a smarter
       solution is found in upstream version 3; closes: #856635)
     + handle a corner case of bad TLS handshake with invalid certificate
       (related to #839751)