[squid-users] [squid-announce] [ADVISORY] SQUID-2019:4 Multiple Issues in HTTP Request processing
tarotapprentice at yahoo.com
Sun Apr 19 08:18:20 UTC 2020
I am not sure if you have any contact with the Debian maintainers. I raised a bug with Debian in March asking for 4.10 to get promoted to buster-backports on the grounds of security fixes. If we’re on the stable release (buster) we are stuck with 4.6 until the next stable release (up to 2 years), use the testing release which has other changes or we have to compile our own.
Link to bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954488
> On 19 Apr 2020, at 1:33 pm, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>> On 19/04/20 6:52 am, Marcus Kool wrote:
>> The latest version of Squid is 4.10. Do you mean "fixed in 4.10"
>> instead of "fixed in 4.8" ?
> No, these CVE were fixed in 4.8. The advisory was embargoed for another
> issue, which is has taken too long and now going to be fixed in a later
>>> On 18/04/2020 14:10, Amos Jeffries wrote:
>>> Squid Proxy Cache Security Update Advisory SQUID-2019:4
>>> Advisory ID: SQUID-2019:4
>>> Date: April 18, 2020
>>> Summary: Multiple Issues
>>> in HTTP Request processing.
>>> Affected versions: Squid 3.5.18 -> 3.5.28
>>> Squid 4.0.10 -> 4.7
>>> Fixed in version: Squid 4.8
> squid-users mailing list
> squid-users at lists.squid-cache.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users