Source: squid Version: 4.9-2 Severity: important Tags: security upstream Hi,
The following vulnerabilities were published for squid. CVE-2020-8449[0]: | An issue was discovered in Squid before 4.10. Due to incorrect input | validation, it can interpret crafted HTTP requests in unexpected ways | to access server resources prohibited by earlier security filters. CVE-2020-8450[1]: | An issue was discovered in Squid before 4.10. Due to incorrect buffer | management, a remote client can cause a buffer overflow in a Squid | instance acting as a reverse proxy. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-8449 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8449 [1] https://security-tracker.debian.org/tracker/CVE-2020-8450 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450 [2] http://www.squid-cache.org/Advisories/SQUID-2020_1.txt Please adjust the affected versions in the BTS as needed. Regards, Salvatore
