<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<p style="font-family:Calibri;font-size:10pt;color:#000000;margin:5pt;font-style:normal;font-weight:normal;text-decoration:none;" align="Left">
Internal<br>
</p>
<br>
<div>
<div class="WordSection1">
<div id="mail-editor-reference-message-container">
<div>
<div>
<div>
<p class="MsoNormal"><span lang="EN-GB">Hi all</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB">In October 2023 the free vulnerabilities scanner of Greenbone (Openvas) has started reporting high vulnerabilities on squid for all versions.
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB">When I questioned them about it they indicated
<a href="https://megamansec.github.io/Squid-Security-Audit/">https://megamansec.github.io/Squid-Security-Audit/</a> as their source of truth and to date they have not reduced the score of the vulnerability causing extensive issues for me and my security team.
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB">I further asked them about it and they are looking for a published list of security advisories about these vulnerabilities.
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB">Would it be possible to issue such a list for whichever ones are fixed to date in squid 6.10 so maybe they can lower that vulnerability score?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB">Regards</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB">Alex Mateescu</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<meta name="Generator" content="Microsoft Word 15 (filtered)">
<style>
</style>
<p class="MsoNormal"><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;
color:#BFBFBF">The information contained in this email transmission is confidential and may be privileged. It is intended only for the addressee(s) stated above. If you are
not an addressee, any use, dissemination, distribution, publication or copying of the information contained in this email is strictly prohibited. It is your responsibility to scan this email and any attachments for viruses. If you have received this email
in error, please immediately notify us at </span><a href="mailto:infosec@retailinmotion.com"><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#BFBFBF">infosec@retailinmotion.com</span></a><span style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#BFBFBF">
and delete the email from your system. </span></p>
<div></div>
</div>
</body>
</html>