[Git][security-tracker-team/security-tracker][master] Update information for CVE-2022-4131{7,8}/squid

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 23 07:52:49 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ec33a4f by Salvatore Bonaccorso at 2022-09-23T08:48:24+02:00
Update information for CVE-2022-4131{7,8}/squid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20,16 +20,18 @@ CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rd
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3266
 	RESERVED
-CVE-2022-41318
+CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication]
 	- squid <unfixed>
 	- squid3 <removed>
-	TODO: check
 	NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
-CVE-2022-41317
+	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
+	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7)
+CVE-2022-41317 [Exposure of Sensitive Information in Cache Manager]
 	- squid <unfixed>
 	- squid3 <removed>
-	TODO: check
 	NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1
+	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
+	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch (5.7)
 CVE-2022-41313
 	RESERVED
 CVE-2022-41312



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ec33a4fb03801d472dc93a34494f1e9797b8473

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ec33a4fb03801d472dc93a34494f1e9797b8473
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220923/97b3993b/attachment.htm>


More information about the debian-security-tracker-commits mailing list