pound - security update

This update fixes certain known vulnerabilities in pound in squeeze-lts by
backporting the version in wheezy.

• CVE-2009-3555
  The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
  used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
  in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
  GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
  3.12.4 and earlier, multiple Cisco products, and other products,
  does not properly associate renegotiation handshakes with an
  existing connection, which allows man-in-the-middle attackers to
  insert data into HTTPS sessions, and possibly other types of
  sessions protected by TLS or SSL, by sending an unauthenticated
  request that is processed retroactively by a server in a
  post-renegotiation context, related to a plaintext injection
  attack, aka the Project Mogul issue.
• CVE-2011-3389
  The SSL protocol, as used in certain configurations in Microsoft
  Windows and Microsoft Internet Explorer, Mozilla Firefox, Google
  Chrome, Opera, and other products, encrypts data by using CBC mode
  with chained initialization vectors, which allows man-in-the-middle
  attackers to obtain plaintext HTTP headers via a blockwise
  chosen-boundary attack (BCBA) on an HTTPS session, in conjunction
  with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the
  Java URLConnection API, or (3) the Silverlight WebClient API, aka a
  BEAST attack.
• CVE-2012-4929
  The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google
  Chrome, Qt, and other products, can encrypt compressed data without
  properly obfuscating the length of the unencrypted data, which
  allows man-in-the-middle attackers to obtain plaintext HTTP headers
  by observing length differences during a series of guesses in which
  a string in an HTTP request potentially matches an unknown string in
  an HTTP header, aka a CRIME attack.
• CVE-2014-3566
  The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
  products, uses nondeterministic CBC padding, which makes it easier
  for man-in-the-middle attackers to obtain cleartext data via a
  padding-oracle attack, aka the POODLE issue.