I am not sure if you have any contact with the Debian maintainers. I raised a bug with Debian in March asking for 4.10 to get promoted to buster-backports on the grounds of security fixes. If we’re on the stable release (buster) we are stuck with 4.6 until the next stable release (up to 2 years), use the testing release which has other changes or we have to compile our own.
Link to bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954488 MarkJ > On 19 Apr 2020, at 1:33 pm, Amos Jeffries <[email protected]> wrote: > > >> On 19/04/20 6:52 am, Marcus Kool wrote: >> Amos, >> The latest version of Squid is 4.10. Do you mean "fixed in 4.10" >> instead of "fixed in 4.8" ? >> > > No, these CVE were fixed in 4.8. The advisory was embargoed for another > issue, which is has taken too long and now going to be fixed in a later > release. > > Amos > > > >> Thanks, >> Marcus >> >>> On 18/04/2020 14:10, Amos Jeffries wrote: >>> __________________________________________________________________ >>> >>> Squid Proxy Cache Security Update Advisory SQUID-2019:4 >>> __________________________________________________________________ >>> >>> Advisory ID: SQUID-2019:4 >>> Date: April 18, 2020 >>> Summary: Multiple Issues >>> in HTTP Request processing. >>> Affected versions: Squid 3.5.18 -> 3.5.28 >>> Squid 4.0.10 -> 4.7 >>> Fixed in version: Squid 4.8 >>> __________________________________________________________________ >>> >>> http://www.squid-cache.org/Advisories/SQUID-2019_4.txt >>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520 >>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524 >>> __________________________________________________________________ >>> > _______________________________________________ > squid-users mailing list > [email protected] > http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
