News for package apt-cacher-ng

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 3.0 (quilt)
Source: apt-cacher-ng
Binary: apt-cacher-ng
Architecture: any
Version: 2-2
Maintainer: Eduard Bloch <blade@debian.org>
Homepage: http://www.unix-ag.uni-kl.de/~bloch/acng/
Standards-Version: 3.9.8
Vcs-Browser: https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt-cacher-ng/apt-cacher-ng.git;a=shortlog;h=refs/heads/debian/sid
Vcs-Git: https://alioth.debian.org/anonscm/git/apt-cacher-ng/apt-cacher-ng.git
Build-Depends: debhelper (>= 9), cmake (>= 2.6.2), libbz2-dev, zlib1g-dev, liblzma-dev, libfuse-dev [!hurd-i386], pkg-config, libwrap0-dev, lsb-base (>> 3.0-6), dh-systemd (>= 1.5), po-debconf, libssl-dev, libsystemd-dev (>= 210) [linux-any] | libsystemd-daemon-dev [linux-any]
Package-List:
 apt-cacher-ng deb net optional arch=any
Checksums-Sha1:
 10263bee32d42ed7850d0f037e140b4a968a8413 313360 apt-cacher-ng_2.orig.tar.xz
 29c5fb3e2df9762ec68601e163993cbee8d805bc 48508 apt-cacher-ng_2-2.debian.tar.xz
Checksums-Sha256:
 eeab24d96ceb544b4c57dd1ac749af9e2ad92dbf864056688bd9c62d02186c2e 313360 apt-cacher-ng_2.orig.tar.xz
 e68b4e670d05ec818639bc4e0813d24a42f224429beca9f2ec5ac36dbaa5e7e1 48508 apt-cacher-ng_2-2.debian.tar.xz
Files:
 9cd2bea95833debc864957aa89d13850 313360 apt-cacher-ng_2.orig.tar.xz
 08455c1e92375784e57bf934f9580843 48508 apt-cacher-ng_2-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEZI3Zj0vEgpAXyw40aXQOXLNf7DwFAlkQ2RAACgkQaXQOXLNf
7Dwl9g/+IY/zY62sUW06UVu0GgnRBZa8R8UaBy0ACCUyFvCDNQ5h8QdO7CdjHPJA
/DCRLrxX1lZPlrx57H5YsVD4tOm1N+adGHqVqTANnmmdXs9YwWPeMEjWW/+mx2cU
dA4tPQ1e0ijlmUf9aP9yWuywJuqkZMWpnMZ5n5giAqqOZ4plqVsnk7KsbS/PtWww
gOOC6jfhzQFjdOexuqWXdxNYdqY/cdzzAdXd1bXup7LjV1r9MYFef7e1OjJPoxva
WNThB3hc/tgYaZLpdH66brn8iRJKX5cXKjAduNFOBnrHtS5QZKbV77C6Kjz2WN+K
Bj6L4ZdDhLrK6BuuW4oo3nI1Guot1eU3rP0Tk46DwxTrQYJ7bSmKZ66T3oKejv51
/yxm3keklR25D5SIgJ4eVi3cEASjXV96ZkVNbDrIv+FjfI/nqxUtnTernqyCD5Tm
654NDxTILH6Nhbp39KOPXh4NjCaOhcvGZmKnYXlmekREZ3Bh0uFXVhuAdIokNMwa
N62EDx0GEvDu9pibJU8Dvikvo+K0sX2r4xKC+QSnwKVGq1GGCg24EkQ2UqnlkhPN
NsbiEoiJDIXnnio1dR9AkGZoe6nzTEyYSGNSq+GjKtKoocZ9BiTdi3Zl2CUoXJSA
rCUEhpKkijXQBktp2ENXuNilCrruUiuL8vrnRO1dc0VEzF63MO0=
=slSA
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
apt-cacher-ng (2-2) testing; urgency=high

  * Special version only for Debian Stretch, solving moderate security issues:
    + hardening against HTTP header splitting attack (no user input printed in
      the HTTP headers anymore; backport from Sid, related to CVE-2017-7443)
    + hardening against unintended or malicious triggering of hidden space
      allocation, by disabling the fallocate completely. This is ultima ratio,
      trading code simplicity for fragmentation avoiding efforts; a smarter
      solution is found in upstream version 3; closes: #856635)
    + handle a corner case of bad TLS handshake with invalid certificate
      (related to #839751)

 -- Eduard Bloch <blade@debian.org>  Thu, 13 Apr 2017 18:11:17 +0200