[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2023-46728,squid: Mark Buster as ignored

Mon, 08 Jan 2024 14:28:16 -0800 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8a58e795 by Markus Koschany at 2024-01-08T21:51:11+01:00
CVE-2023-46728,squid: Mark Buster as ignored

Gopher support has been removed upstream. Since Gopher is ancient and rarely
used, we recommend to reject all gopher URL requests.

- - - - -
9c498ef6 by Markus Koschany at 2024-01-08T23:24:45+01:00
Merge branch 'master' of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -
0dada7df by Markus Koschany at 2024-01-08T23:25:58+01:00
CVE-2023-46728,squid: Mark Bullseye and Bookworm also as ignored

The same reasoning applies to newer releases. Gopher support has just been
removed, no fix is available and the simple workaround is to reject Gopher URLs
which in 2024 shouldn't be a problem.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13502,6 +13502,9 @@ CVE-2021-46897 (views.py in Wagtail CRX CodeRed 
Extensions (formerly CodeRed CMS
        NOT-FOR-US: Wagtail CRX CodeRed Extensions
 CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, 
FTP, and  ...)
        - squid 6.1-1
+       [bookworm] - squid <ignored> (unsupported, Gopher support has been 
removed upstream)
+       [bullseye] - squid <ignored> (unsupported, Gopher support has been 
removed upstream)
+       [buster] - squid <ignored> (unsupported, Gopher support has been 
removed upstream)
        NOTE: No code fix, gopher support was removed:
        NOTE: 
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
 (SQUID_6_0_1)
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2f31272fab38603e91f0ec86d08b77d8ac71b410...0dada7df366d9b70323fc63d2605600605281d11

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2f31272fab38603e91f0ec86d08b77d8ac71b410...0dada7df366d9b70323fc63d2605600605281d11
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to