[squid-users] [squid-announce] [ADVISORY] SQUID-2019:4 Multiple Issues in HTTP Request processing

Amos Jeffries squid3 at treenet.co.nz
Sun Apr 19 03:32:28 UTC 2020


On 19/04/20 6:52 am, Marcus Kool wrote:
> Amos,
> The latest version of Squid is 4.10.  Do you mean "fixed in 4.10"
> instead of "fixed in 4.8" ?
> 

No, these CVE were fixed in 4.8. The advisory was embargoed for another
issue, which is has taken too long and now going to be fixed in a later
release.

Amos



> Thanks,
> Marcus
> 
> On 18/04/2020 14:10, Amos Jeffries wrote:
>> __________________________________________________________________
>>
>>      Squid Proxy Cache Security Update Advisory SQUID-2019:4
>> __________________________________________________________________
>>
>> Advisory ID:        SQUID-2019:4
>> Date:               April 18, 2020
>> Summary:            Multiple Issues
>>                      in HTTP Request processing.
>> Affected versions:  Squid 3.5.18 -> 3.5.28
>>                      Squid 4.0.10 -> 4.7
>> Fixed in version:   Squid 4.8
>> __________________________________________________________________
>>
>>      http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
>>      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520
>>      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524
>> __________________________________________________________________
>>


More information about the squid-users mailing list