[Git][security-tracker-team/security-tracker][master] Reserve DLA-2598-1 for squid3

Thu Mar 18 19:46:17 GMT 2021


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d8bcd34 by Utkarsh Gupta at 2021-03-19T01:16:09+05:30
Reserve DLA-2598-1 for squid3

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Mar 2021] DLA-2598-1 squid3 - security update
+	{CVE-2020-25097}
+	[stretch] - squid3 3.5.23-5+deb9u6
 [17 Mar 2021] DLA-2597-1 velocity-tools - security update
 	{CVE-2020-13959}
 	[stretch] - velocity-tools 2.0-6+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -128,10 +128,6 @@ spotweb
   NOTE: 20210122: Upstream fix trivially bypassed, reported under CVE-2021-3286
   NOTE: 20210127: Upstream says "we can fix this but it may take some time", revisit later (Beuc)
 --
-squid3
-  NOTE: 20210316: Patch is for squid 4.0, but vulnerable to in CVE-2020-25097 in src/url.cc. (lamby)
-  NOTE: 20210316: Also check CVE-2021-28116. (lamby)
---
 subversion (Thorsten Alteholz)
   NOTE: 20210307: solving build problems (on IPv6 only host)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d8bcd346b5a74c8853f7ebe1c2091037a19defa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d8bcd346b5a74c8853f7ebe1c2091037a19defa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210318/969b207b/attachment-0001.htm>
