[Git][security-tracker-team/security-tracker][master] Track fixed version for squid issues via unstable

Fri Nov 10 05:21:48 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
778d4467 by Salvatore Bonaccorso at 2023-11-10T06:21:08+01:00
Track fixed version for squid issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3110,29 +3110,29 @@ CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
 	NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html
 CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper Validation of ...)
-	- squid <unfixed> (bug #1055252)
+	- squid 6.5-1 (bug #1055252)
 	[buster] - squid <not-affected> (Doesn't build with OpenSSL yet)
 	NOTE: https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3
 	NOTE: https://megamansec.github.io/Squid-Security-Audit/ssl-bufferunderread.html
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3
 CVE-2023-46848 (Squid is vulnerable to Denial of Service,  where a remote attacker can ...)
-	- squid <unfixed> (bug #1055251)
+	- squid 6.5-1 (bug #1055251)
 	[bullseye] - squid <not-affected> (Vulnerable code not present)
 	[buster] - squid <not-affected> (Vulnerable code not present)
 	- squid3 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
 CVE-2023-46847 (Squid is vulnerable to a Denial of Service,  where a remote attacker c ...)
-	- squid <unfixed> (bug #1055250)
+	- squid 6.5-1 (bug #1055250)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
 	NOTE: https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3
 	NOTE: https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
 CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP and HTTPS ...)
-	- squid <unfixed> (bug #1055249)
+	- squid 6.5-1 (bug #1055249)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
 CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...)
-	- squid <unfixed> (bug #1054537)
+	- squid 6.5-1 (bug #1054537)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
 CVE-2023-5178 (A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ...)
@@ -287529,9 +287529,17 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow
 	NOTE: /usr/sbin/maidat not installed suid root on Debian
 CVE-2019-18861
 	RESERVED
+CVE-2023-XXXX [SQUID-2023:8 Denial of Service in Helper Process management]
+	- squid 6.5-1 (low)
+	- squid3 <removed>
+	TODO: fill in upstream references, cf. https://tracker.debian.org/news/1477295/accepted-squid-65-1-source-into-unstable/
+CVE-2023-XXXX [SQUID-2023:7 Denial of Service in HTTP Message processing]
+	- squid 6.5-1 (low)
+	- squid3 <removed>
+	TODO: fill in upstream references, cf. https://tracker.debian.org/news/1477295/accepted-squid-65-1-source-into-unstable/
 CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML  ...)
 	{DSA-4732-1 DLA-2278-1}
-	- squid 4.9-1 (low)
+	- squid 6.5-1 (low)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/pull/504
 	NOTE: https://github.com/squid-cache/squid/commit/5cc4b155cee1a4968109737f6eba2ef29d51034d (SQUID_5_0_1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/778d44678936649eb550e589645c60a50da81f88

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/778d44678936649eb550e589645c60a50da81f88
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231110/73488f0e/attachment.htm>
