[squid-users] [squid-announce] [ADVISORY] SQUID-2019:4 Multiple Issues in HTTP Request processing
dm at belkam.com
Sun Apr 19 09:47:41 UTC 2020
19.04.2020 12:37, Amos Jeffries пишет:
> On 19/04/20 8:22 pm, Dmitry Melekhov wrote:
>> 19.04.2020 12:18, TarotApprentice пишет:
>>> I am not sure if you have any contact with the Debian maintainers. I
>>> raised a bug with Debian in March asking for 4.10 to get promoted to
>>> buster-backports on the grounds of security fixes. If we’re on the
>>> stable release (buster) we are stuck with 4.6 until the next stable
>>> release (up to 2 years), use the testing release which has other
>>> changes or we have to compile our own.
>>> Link to bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954488
>> 4.10 does not contain fix :-)
> Which fix are you talking about?
> The bug TarotApprentice referenced is a publishing issue within Debian.
> Requesting an event which has not happened yet.
> The bug this advisory is talking about definitely is fixed in Squid
> 4.10 code. The patch was added way back in 4.8 release.
Affected versions: Squid 3.5.18 -> 3.5.28
Squid 4.0.10 -> 4.7
Well, this announcement is extremely misleading then...
More information about the squid-users