[squid-users] [squid-announce] [ADVISORY] SQUID-2019:4 Multiple Issues in HTTP Request processing
TarotApprentice
tarotapprentice at yahoo.com
Sun Apr 19 08:18:20 UTC 2020
I am not sure if you have any contact with the Debian maintainers. I raised a bug with Debian in March asking for 4.10 to get promoted to buster-backports on the grounds of security fixes. If we’re on the stable release (buster) we are stuck with 4.6 until the next stable release (up to 2 years), use the testing release which has other changes or we have to compile our own.
Link to bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954488
MarkJ
> On 19 Apr 2020, at 1:33 pm, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
>
>> On 19/04/20 6:52 am, Marcus Kool wrote:
>> Amos,
>> The latest version of Squid is 4.10. Do you mean "fixed in 4.10"
>> instead of "fixed in 4.8" ?
>>
>
> No, these CVE were fixed in 4.8. The advisory was embargoed for another
> issue, which is has taken too long and now going to be fixed in a later
> release.
>
> Amos
>
>
>
>> Thanks,
>> Marcus
>>
>>> On 18/04/2020 14:10, Amos Jeffries wrote:
>>> __________________________________________________________________
>>>
>>> Squid Proxy Cache Security Update Advisory SQUID-2019:4
>>> __________________________________________________________________
>>>
>>> Advisory ID: SQUID-2019:4
>>> Date: April 18, 2020
>>> Summary: Multiple Issues
>>> in HTTP Request processing.
>>> Affected versions: Squid 3.5.18 -> 3.5.28
>>> Squid 4.0.10 -> 4.7
>>> Fixed in version: Squid 4.8
>>> __________________________________________________________________
>>>
>>> http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
>>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520
>>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524
>>> __________________________________________________________________
>>>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200419/49490f84/attachment-0002.html>
More information about the squid-users
mailing list