Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
778d4467 by Salvatore Bonaccorso at 2023-11-10T06:21:08+01:00
Track fixed version for squid issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3110,29 +3110,29 @@ CVE-2023-46728 (Squid is a caching proxy for the Web
supporting HTTP, HTTPS, FTP
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
NOTE:
https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html
CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper
Validation of ...)
- - squid <unfixed> (bug #1055252)
+ - squid 6.5-1 (bug #1055252)
[buster] - squid <not-affected> (Doesn't build with OpenSSL yet)
NOTE:
https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3
NOTE:
https://megamansec.github.io/Squid-Security-Audit/ssl-bufferunderread.html
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3
CVE-2023-46848 (Squid is vulnerable to Denial of Service, where a remote
attacker can ...)
- - squid <unfixed> (bug #1055251)
+ - squid 6.5-1 (bug #1055251)
[bullseye] - squid <not-affected> (Vulnerable code not present)
[buster] - squid <not-affected> (Vulnerable code not present)
- squid3 <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
CVE-2023-46847 (Squid is vulnerable to a Denial of Service, where a remote
attacker c ...)
- - squid <unfixed> (bug #1055250)
+ - squid 6.5-1 (bug #1055250)
- squid3 <removed>
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
NOTE:
https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3
NOTE:
https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP
and HTTPS ...)
- - squid <unfixed> (bug #1055249)
+ - squid 6.5-1 (bug #1055249)
- squid3 <removed>
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by
chunked decod ...)
- - squid <unfixed> (bug #1054537)
+ - squid 6.5-1 (bug #1054537)
- squid3 <removed>
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
CVE-2023-5178 (A use-after-free vulnerability was found in
drivers/nvme/target/tcp.c` ...)
@@ -287529,9 +287529,17 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8
is installed setuid and allow
NOTE: /usr/sbin/maidat not installed suid root on Debian
CVE-2019-18861
RESERVED
+CVE-2023-XXXX [SQUID-2023:8 Denial of Service in Helper Process management]
+ - squid 6.5-1 (low)
+ - squid3 <removed>
+ TODO: fill in upstream references, cf.
https://tracker.debian.org/news/1477295/accepted-squid-65-1-source-into-unstable/
+CVE-2023-XXXX [SQUID-2023:7 Denial of Service in HTTP Message processing]
+ - squid 6.5-1 (low)
+ - squid3 <removed>
+ TODO: fill in upstream references, cf.
https://tracker.debian.org/news/1477295/accepted-squid-65-1-source-into-unstable/
CVE-2019-18860 (Squid before 4.9, when certain web browsers are used,
mishandles HTML ...)
{DSA-4732-1 DLA-2278-1}
- - squid 4.9-1 (low)
+ - squid 6.5-1 (low)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/pull/504
NOTE:
https://github.com/squid-cache/squid/commit/5cc4b155cee1a4968109737f6eba2ef29d51034d
(SQUID_5_0_1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/778d44678936649eb550e589645c60a50da81f88
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/778d44678936649eb550e589645c60a50da81f88
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
