[Git][security-tracker-team/security-tracker][master] LTS/update status of CVE-2019-12527/squid3

Sat Jul 20 20:06:50 BST 2019


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eae26065 by Roberto C. Sánchez at 2019-07-20T19:06:32Z
LTS/update status of CVE-2019-12527/squid3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4884,9 +4884,10 @@ CVE-2019-12528
 CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...)
 	- squid 4.8-1
 	- squid3 <removed>
+	[jessie] - squid3 <not-affected> (Vulnerable code is not present)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
-	TODO: check why this owuld not affect 3.x versions of upstream Squid.
+	NOTE: The code in squid 3.x limits the amount of input data decoded to one byte less than the length of the target buffer, whilst in 4.x the entire input is decoded without regard for the size of the target buffer
 CVE-2019-12526
 	RESERVED
 CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eae26065ca3b0d03b108c5428a228c3f0f7661f3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eae26065ca3b0d03b108c5428a228c3f0f7661f3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190720/5e5c0f22/attachment.html>
