[Git][security-tracker-team/security-tracker][master] Reserve DLA-2598-1 for squid3
Utkarsh Gupta
utkarsh at debian.org
Thu Mar 18 19:46:17 GMT 2021
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d8bcd34 by Utkarsh Gupta at 2021-03-19T01:16:09+05:30
Reserve DLA-2598-1 for squid3
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Mar 2021] DLA-2598-1 squid3 - security update
+ {CVE-2020-25097}
+ [stretch] - squid3 3.5.23-5+deb9u6
[17 Mar 2021] DLA-2597-1 velocity-tools - security update
{CVE-2020-13959}
[stretch] - velocity-tools 2.0-6+deb9u1
=====================================
data/dla-needed.txt
=====================================
@@ -128,10 +128,6 @@ spotweb
NOTE: 20210122: Upstream fix trivially bypassed, reported under CVE-2021-3286
NOTE: 20210127: Upstream says "we can fix this but it may take some time", revisit later (Beuc)
--
-squid3
- NOTE: 20210316: Patch is for squid 4.0, but vulnerable to in CVE-2020-25097 in src/url.cc. (lamby)
- NOTE: 20210316: Also check CVE-2021-28116. (lamby)
---
subversion (Thorsten Alteholz)
NOTE: 20210307: solving build problems (on IPv6 only host)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d8bcd346b5a74c8853f7ebe1c2091037a19defa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d8bcd346b5a74c8853f7ebe1c2091037a19defa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210318/969b207b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list