Control: tags -1 + confirmed On Fri, 2025-11-14 at 21:40 +0100, Bastien Roucaries wrote: > [ Reason ] > > * Fix CVE-2023-46728: > Due to a NULL pointer dereference bug Squid is vulnerable > to a Denial of Service attack against Squid's Gopher gateway. > * Fix CVE-2025-59362 (Closes: #1117048) > Squid mishandles ASN.1 encoding of long SNMP OIDs. > * Remove Gopher support > * Fix CVE-2024-45802: Disable ESI feature support. > Due to Input Validation, Premature Release of Resource During > Expected > Lifetime, and Missing Release of Resource after Effective > Lifetime bugs, > Squid is vulnerable to Denial of Service attacks by a trusted > server > against all clients using the proxy. This problem is fixed by > changing > the build configuration to specify the --disable-esi option.
Please go ahead. Regards, Adam
