[Git][security-tracker-team/security-tracker][master] Reserve DLA-2685-1 for squid3

Abhijith PA (@abhijith) abhijith at debian.org
Mon Jun 14 04:07:33 BST 2021 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e418d73 by Abhijith PA at 2021-06-14T08:37:17+05:30
Reserve DLA-2685-1 for squid3

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[14 Jun 2021] DLA-2685-1 squid3 - security update
+	{CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620}
+	[stretch] - squid3 3.5.23-5+deb9u7
 [10 Jun 2021] DLA-2684-1 lasso - security update
 	{CVE-2021-28091}
 	[stretch] - lasso 2.5.0-5+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -119,14 +119,6 @@ sogo (Anton Gladky)
   NOTE: 20210603: maybe mention in announcement the recommendation to invalidate user
   NOTE: 20210603: sessions (see upstream blog). (pochu)
 --
-squid3 (Abhijith PA)
-  NOTE: 20210523:  not sure whether all CVEs realy affect Stretch
-  NOTE: 20210528: Looks like all CVEs affect stretch. (Ola)
-  NOTE: 20210528: For some buildRangeHeader has just moved from one file to another. (Ola)
-  NOTE: 20210603: I'm working on a ELTS fix and it's the same version, WIP backported patches at:
-  NOTE: 20210603: https://www.beuc.net/tmp/debian-elts/squid3/ (Beuc)
-  NOTE: 20210609: https://deb.freexian.com/extended-lts/pool/main/s/squid3/ (Beuc)
---
 xmlbeans
   NOTE: 20210222: Affected code changed significantly from 2.6.0 to 3.0.0 (the
   NOTE: 20210222: upstream release with the fix).  Trying to determine how to



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e418d7310879f71579f06555d356e056068bfff

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e418d7310879f71579f06555d356e056068bfff
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210614/6c82ac3a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list