[Git][security-tracker-team/security-tracker][master] 5 commits: Add fixed version for CVE-2009-0801/squid

Salvatore Bonaccorso carnil at debian.org
Sat Feb 8 13:48:16 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03dddcf9 by Salvatore Bonaccorso at 2020-02-08T14:42:33+01:00
Add fixed version for CVE-2009-0801/squid

Mark it as fixed with first src:squid version based on 4.x series after
the source package rename.

- - - - -
e419eb0b by Salvatore Bonaccorso at 2020-02-08T14:44:03+01:00
Add fixed version for CVE-2014-6270/squid

While src:squid was on the 2.x branch the issue was unimportant as the
SNMP part was not built. A while later after the issue got fixed in
3.4.8-1 in src:squid3 the source package was renamed back to src:squid.
Mark the issue for src:squid as fixed with the first upload of the 4.x
series to unstable.

- - - - -
904f33d3 by Salvatore Bonaccorso at 2020-02-08T14:45:42+01:00
Add fixed version for CVE-2015-3455/squid

- - - - -
ed1c67f2 by Salvatore Bonaccorso at 2020-02-08T14:46:30+01:00
Add fixed version for CVE-2016-2390/squid

For the 4.x branch the issue was fixed back in 4.0.6, mark the first 4.x
based version which entered unstable as the fixed one.

- - - - -
7ab89c98 by Salvatore Bonaccorso at 2020-02-08T14:47:41+01:00
Add fixed version for CVE-2018-1172/squid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -128132,7 +128132,7 @@ CVE-2018-1173 (This vulnerability allows remote attackers to execute arbitrary c
 	NOT-FOR-US: Foxit Reader
 CVE-2018-1172 (This vulnerability allows remote attackers to deny service on vulnerab ...)
 	[experimental] - squid 4.0.21-1~exp5 (unimportant)
-	- squid <removed> (unimportant)
+	- squid 4.1-1 (unimportant)
 	[wheezy] - squid <not-affected> (Vunerable code introduced in 3.1)
 	- squid3 <unfixed> (unimportant)
 	NOTE: src:squid as source package reintroduced for 4.x in experimental
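Review bot: the unchanged `[wheezy]` line just below the edited `- squid` line reads "Vunerable code introduced in 3.1"; since this entry is being touched, correct it to "Vulnerable". The closing NOTE also mentions only the reintroduction of src:squid in experimental, so a short addition saying that 4.1-1 is the first 4.x upload to unstable would explain the new fixed version, as commit 7ab89c98 has no message body.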
@@ -205478,7 +205478,7 @@ CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support (hw
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
 CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...)
-	- squid <removed> (unimportant)
+	- squid 4.1-1 (unimportant)
 	- squid3 3.5.14-1 (unimportant)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
 	NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
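Review bot: the new `- squid 4.1-1 (unimportant)` line has its rationale only in the message of commit ed1c67f2 (fixed in 4.0.6 for the 4.x branch, with 4.1-1 as the first 4.x based version in unstable). Consider recording that in a NOTE under the entry, so the fixed version can be understood from data/CVE/list alone.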
@@ -228012,7 +228012,7 @@ CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Lib
 	NOTE: Introduced by http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=609d5c1366fb424f6150c4eed358d246e61cf204 (libtasn1_3_6)
 	NOTE: DECR_LEN introduced in http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=154909136c12cfa5c60732b7210827dfb1ec6aee (libtasn1_3_6)
 CVE-2015-3455 (Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, a ...)
-	- squid <removed> (unimportant)
+	- squid 4.1-1 (unimportant)
 	- squid3 3.5.6-1 (unimportant)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
 	NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
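Review bot: commit 904f33d3 changes `- squid <removed>` to `- squid 4.1-1` with no message body, and the entry's NOTE lines cover only the --enable-ssl build condition. State the basis for 4.1-1, in the commit message or in a NOTE, as was done for CVE-2016-2390 in ed1c67f2.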
@@ -247687,8 +247687,8 @@ CVE-2014-6311 (generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable
 CVE-2014-6310 (Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attacker ...)
 	- chicken <not-affected> (Affects only CHICKEN Scheme on the Android platform)
 CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squi ...)
-	- squid <removed> (unimportant)
-	NOTE: SNMP not built in squid 2
+	- squid 4.1-1 (unimportant)
+	NOTE: SNMP was not built in squid 2.x
 	- squid3 3.4.8-1 (low; bug #761002)
 	[wheezy] - squid3 <no-dsa> (Minor issue)
 	[squeeze] - squid3 <no-dsa> (Minor issue)
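Review bot: the reworded NOTE "SNMP was not built in squid 2.x" now sits under a line that gives 4.1-1 as the fixed version, but it justifies only the 2.x part of the `(unimportant)` tag, while the squid3 line carries the same issue as `low`. Extend the NOTE to say that src:squid came back with the 4.x series after the 3.4.8-1 fix in squid3, which is what the message of e419eb0b explains, so the pairing of 4.1-1 with unimportant reads clearly from the entry itself.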
@@ -340951,7 +340951,7 @@ CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, Networ
 CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the  ...)
 	NOT-FOR-US: Qbik WinGate
 CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP Ho ...)
-	- squid <unfixed> (unimportant; bug #521053)
+	- squid 4.1-1 (unimportant; bug #521053)
 	- squid3 3.3.3-1 (unimportant; bug #521052)
 	NOTE: This only affects HTTP connections and only in transparent mode
 	NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless
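Review bot: this is the only entry of the five where the `- squid` line moves from `<unfixed>` rather than `<removed>`, and `bug #521053` stays attached to it. It would be worth confirming that the bug is closed with a version consistent with 4.1-1, and adding a NOTE that the fix reached src:squid with the 4.x series after the source package rename, as the message of 03dddcf9 says.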



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/fa1960b0b09d9b7ca93d900a27afe177fbde9349...7ab89c98171845029531068b99eef8e7717c2289
