On 6/15/26 04:26, Amos Jeffries wrote:
On 12/06/2026 20:21, Amos Jeffries wrote:
Hi all,

Squid 7.6 release contains fixes for and releases the embargo on CVE-2026-47729 and CVE-2026-50012.


Apologies, this first one (CVE-2026-47729) embargo is over, but the fix will actually be in Squid 7.7.

A blog was posted about it today:
https://blog.calif.io/p/squidbleed-cve-2026-47729

It says the root cause was a misunderstanding of what the C standard requires:
strchr(w_space, '\0') returns non-NULL per C11 §7.24.5.2 (terminating NUL
is part of the string).

--
        -Alan Coopersmith-                 [email protected]
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
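
The strchr() behaviour cited in the message above, shown as an added example that is not part of the original thread and is not Squid's code. The `W_SPACE` value, the helper names and the sample buffer are assumptions constructed for illustration; the scan is bounded by an explicit length so the naive variant stays inside the array while still running past the terminator.

```c
#include <stdio.h>
#include <string.h>

/* Assumed whitespace set; the message names w_space but does not give its value. */
#define W_SPACE " \t\n\r"

/* Naive test: strchr() treats the terminating NUL as part of W_SPACE,
 * so this returns 1 for c == '\0' as well as for real whitespace. */
static int is_wspace_naive(int c)
{
    return strchr(W_SPACE, c) != NULL;
}

/* Strict test: reject NUL before asking strchr(). */
static int is_wspace_strict(int c)
{
    return c != '\0' && strchr(W_SPACE, c) != NULL;
}

/* Index of the first byte in buf[0..len) that pred() does not accept.
 * The explicit len bound keeps the demonstration inside the array. */
static size_t skip_ws(const char *buf, size_t len, int (*pred)(int))
{
    size_t i = 0;
    while (i < len && pred((unsigned char)buf[i]))
        ++i;
    return i;
}

/* Constructed sample: the C string ends at index 2; the bytes after the
 * NUL stand in for whatever unrelated data follows it in memory. */
static const char sample[] = { ' ', ' ', '\0', ' ', '\t', 'X', 'Y' };

int main(void)
{
    size_t naive = skip_ws(sample, sizeof sample, is_wspace_naive);
    size_t strict = skip_ws(sample, sizeof sample, is_wspace_strict);

    /* The naive scan walks through the terminator and the bytes after it. */
    printf("naive stops at index %zu, strict stops at index %zu\n", naive, strict);
    return 0;
}
```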
