[Git][security-tracker-team/security-tracker][master] Add fixed version for squid upload to unstable
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 18 23:40:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c9f48ae by Salvatore Bonaccorso at 2019-07-18T22:39:20Z
Add fixed version for squid upload to unstable
Note that the changelog entry in
https://tracker.debian.org/news/1046100/accepted-squid-48-1-source-amd64-all-into-unstable/
contains a typo for the first CVE id for SQUID-2019:1.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2282,8 +2282,9 @@ CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
NOT-FOR-US: MyT
CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
{DLA-1847-1}
- - squid <unfixed> (bug #931478)
+ - squid 4.8-1 (bug #931478)
- squid3 <removed>
+ NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_6.txt
NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=4957
NOTE: https://github.com/squid-cache/squid/pull/429
CVE-2019-13344 (An authentication bypass vulnerability in the CRUDLab WP Like Button p ...)
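Review bot: the added NOTE line for SQUID-2019_6.txt under CVE-2019-13345 is a second kind of change that the commit subject ("Add fixed version for squid upload to unstable") does not mention, and the third hunk adds advisory NOTEs in the same way. Mention the advisory references in the commit message, or put them in a separate commit, so the log shows when those links were introduced.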
@@ -3591,7 +3592,7 @@ CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1, X
NOTE: https://twistedmatrix.com/trac/ticket/9561
CVE-2019-12854 [denial of service in cachemgr.cgi]
RESERVED
- - squid <unfixed>
+ - squid 4.8-1
- squid3 <not-affected> (Vulnerable code not present; Vulnerable code only in 4.x series)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
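Review bot: the changelog typo described in the commit message is not recorded in data/CVE/list, and this CVE-2019-12854 entry is the one that cites SQUID-2019_1.txt. Consider a NOTE line on the affected entry stating that the 4.8-1 changelog misspells the CVE id, so that someone cross-checking "- squid 4.8-1" against the changelog does not conclude the fix is absent.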
@@ -4367,21 +4368,24 @@ CVE-2019-12531
CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
NOT-FOR-US: Dashboard plugin for GLPI
CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...)
- - squid <unfixed>
+ - squid 4.8-1
- squid3 <removed>
+ NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
CVE-2019-12528
RESERVED
CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...)
- - squid <unfixed>
+ - squid 4.8-1
- squid3 <removed>
+ NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
TODO: check why this owuld not affect 3.x versions of upstream Squid.
CVE-2019-12526
RESERVED
CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through ...)
- - squid <unfixed>
+ - squid 4.8-1
- squid3 <removed>
+ NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
CVE-2019-12524
RESERVED
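Review bot: CVE-2019-12527 and CVE-2019-12525 now cite different advisories (SQUID-2019_5.txt and SQUID-2019_3.txt), yet their unchanged patch NOTE lines reference the same changeset, squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch. Confirm that one changeset fixes both issues, or correct whichever NOTE was copied. The TODO under CVE-2019-12527 about 3.x versions is also left open (and misspells "would") while squid is marked fixed in 4.8-1, so it is worth resolving or rewording in a follow-up.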
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c9f48ae6e1ccb4bd400857e1ce9ef64550dc68c