[squid-users] [squid-announce] [ADVISORY] SQUID-2020:7 Cache Poisoning Issue in HTTP Request processing
Mark James
tarotapprentice at yahoo.com
Mon Jul 27 00:45:58 UTC 2020
It seems they decided to patch the 4.6 they have in Debian Buster.
There is no update on my Debian bug regarding promoting 4.12 to buster-backports.
MarkJ
> On 7 Jul 2020, at 2:20 am, Eliezer Croitor <ngtech1ltd at gmail.com> wrote:
>
> If someone need I can try to compile a Debian Buster compatible binary as a drop in replacement.
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Tech Support
> Mobile: +972-5-28704261
> Email: ngtech1ltd at gmail.com
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of TarotApprentice
> Sent: Sunday, July 5, 2020 4:31 AM
> To: Squid Users
> Subject: Re: [squid-users] [squid-announce] [ADVISORY] SQUID-2020:7 Cache Poisoning Issue in HTTP Request processing
>
> Debian bug 964283 raised. If you are talking to the Debian security team you might want to discuss pushing it into buster with one of their point releases.
>
> MarkJ
>
>>> On 28 Jun 2020, at 12:57 am, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>>>
>>> On 28/06/20 2:27 am, TarotApprentice wrote:
>>> Any plans to get this into Debian, or if they’ll apply the patch to 4.11?
>>>
>>
>> v4.12 package is already being worked on. I'm not sure of ETA though,
>> its already taken longer than usual.
>>
>> Can't speak for the security team about the stable Debian packages.
>>
>>
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list