Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
03dddcf9 by Salvatore Bonaccorso at 2020-02-08T14:42:33+01:00
Add fixed version for CVE-2009-0801/squid
Mark it as fixed with first src:squid version based on 4.x series after
the source package rename.
- - - - -
e419eb0b by Salvatore Bonaccorso at 2020-02-08T14:44:03+01:00
Add fixed version for CVE-2014-6270/squid
While src:squid was on the 2.x branch the issue was unimportant as the
SNMP part was not built. A while later after the issue got fixed in
3.4.8-1 in src:squid3 the source package was renamed back to src:squid.
Mark the issue for src:squid as fixed with the first upload of the 4.x
series to unstable.
- - - - -
904f33d3 by Salvatore Bonaccorso at 2020-02-08T14:45:42+01:00
Add fixed version for CVE-2015-3455/squid
- - - - -
ed1c67f2 by Salvatore Bonaccorso at 2020-02-08T14:46:30+01:00
Add fixed version for CVE-2016-2390/squid
For the 4.x branch the issue was fixed back in 4.0.6, mark the first 4.x
based version which entered unstable as the fixed one.
- - - - -
7ab89c98 by Salvatore Bonaccorso at 2020-02-08T14:47:41+01:00
Add fixed version for CVE-2018-1172/squid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -128132,7 +128132,7 @@ CVE-2018-1173 (This vulnerability allows remote
attackers to execute arbitrary c
NOT-FOR-US: Foxit Reader
CVE-2018-1172 (This vulnerability allows remote attackers to deny service on
vulnerab ...)
[experimental] - squid 4.0.21-1~exp5 (unimportant)
- - squid <removed> (unimportant)
+ - squid 4.1-1 (unimportant)
[wheezy] - squid <not-affected> (Vunerable code introduced in 3.1)
- squid3 <unfixed> (unimportant)
NOTE: src:squid as source package reintroduced for 4.x in experimental
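Review bot: The context line `[wheezy] - squid <not-affected> (Vunerable code introduced in 3.1)` under CVE-2018-1172 carries a typo, and since this entry is being edited anyway it could be corrected to "Vulnerable" in the same commit. The commit message for this change has no body, so a short NOTE saying why 4.1-1 was picked (the other commits in this push describe it as the first 4.x version to enter unstable) would sit well next to the existing NOTE about the reintroduction in experimental.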
@@ -205478,7 +205478,7 @@ CVE-2016-2391 (The ohci_bus_start function in the USB
OHCI emulation support (hw
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid
before 3. ...)
- - squid <removed> (unimportant)
+ - squid 4.1-1 (unimportant)
- squid3 3.5.14-1 (unimportant)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
NOTE: Only affects custom builds with --enable-ssl (disabled for
license purposes in Debian)
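Review bot: The reasoning for `- squid 4.1-1 (unimportant)` under CVE-2016-2390 exists only in the commit message (upstream fixed the 4.x branch in 4.0.6, and 4.1-1 is the first 4.x based version in unstable). Please record that as a NOTE in the entry itself, so that someone reading data/CVE/list does not take 4.1-1 for the version that introduced the fix.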
@@ -228012,7 +228012,7 @@ CVE-2015-3622 (The _asn1_extract_der_octet function
in lib/decoding.c in GNU Lib
NOTE: Introduced by
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=609d5c1366fb424f6150c4eed358d246e61cf204
(libtasn1_3_6)
NOTE: DECR_LEN introduced in
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=154909136c12cfa5c60732b7210827dfb1ec6aee
(libtasn1_3_6)
CVE-2015-3455 (Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before
3.4.13, a ...)
- - squid <removed> (unimportant)
+ - squid 4.1-1 (unimportant)
- squid3 3.5.6-1 (unimportant)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
NOTE: Only affects custom builds with --enable-ssl (disabled for
license purposes in Debian)
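Review bot: Nothing records why 4.1-1 is the fixed version in `- squid 4.1-1 (unimportant)` for CVE-2015-3455: the commit message has no body, and the visible description only names the 3.2.x, 3.3.x and 3.4.x series. A NOTE stating that the 4.x series already contains the fix and that 4.1-1 is the first src:squid upload after the rename would make this entry as self-explanatory as the CVE-2016-2390 one.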
@@ -247687,8 +247687,8 @@ CVE-2014-6311 (generate_doygen.pl in ace before
6.2.7+dfsg-2 creates predictable
CVE-2014-6310 (Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote
attacker ...)
- chicken <not-affected> (Affects only CHICKEN Scheme on the Android
platform)
CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc
in Squi ...)
- - squid <removed> (unimportant)
- NOTE: SNMP not built in squid 2
+ - squid 4.1-1 (unimportant)
+ NOTE: SNMP was not built in squid 2.x
- squid3 3.4.8-1 (low; bug #761002)
[wheezy] - squid3 <no-dsa> (Minor issue)
[squeeze] - squid3 <no-dsa> (Minor issue)
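Review bot: In the CVE-2014-6270 entry the new line `- squid 4.1-1 (unimportant)` keeps the unimportant tag, but the reworded NOTE justifies that tag only for 2.x ("SNMP was not built in squid 2.x") while the same issue is rated `low` for squid3 on the next line. Either extend the NOTE to say that the 4.1-1 version marks the first 4.x upload after the rename back to src:squid, as the commit message explains, or confirm that unimportant is still the intended severity now that the line carries a 4.x version.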
@@ -340951,7 +340951,7 @@ CVE-2009-0803 (SmoothWall SmoothGuardian, as used in
SmoothWall Firewall, Networ
CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled,
uses the ...)
NOT-FOR-US: Qbik WinGate
CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the
HTTP Ho ...)
- - squid <unfixed> (unimportant; bug #521053)
+ - squid 4.1-1 (unimportant; bug #521053)
- squid3 3.3.3-1 (unimportant; bug #521052)
NOTE: This only affects HTTP connections and only in transparent mode
NOTE: Also, same origin validations in the browsers still apply and
keep this mostly harmless
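Review bot: The CVE-2009-0801 hunk is the only one in this push that moves src:squid from `<unfixed>` rather than `<removed>`, and the new line `- squid 4.1-1 (unimportant; bug #521053)` keeps the bug reference. Please add a NOTE that 4.1-1 is the first 4.x based src:squid version after the source package rename (as the commit message says), and check that the state of bug #521053 matches the entry now that it carries a fixed version.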
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fa1960b0b09d9b7ca93d900a27afe177fbde9349...7ab89c98171845029531068b99eef8e7717c2289