[Git][security-tracker-team/security-tracker][master] more squid references

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 23 16:24:38 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ad5b218 by Moritz Muehlenhoff at 2023-10-23T17:24:04+02:00
more squid references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107589,6 +107589,7 @@ CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
 	NOTE: https://github.com/squid-cache/squid/commit/780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b (v4)
 	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
+	NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-assert.html
 CVE-2022-29559
 	RESERVED
 CVE-2022-29558 (Realtek rtl819x-SDK before v3.6.1 allows command injection over the we ...)
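Review bot: the NOTE added under CVE-2021-46784 is a bare URL on megamansec.github.io, while the two lines above it say which branch they cover ("(v4)", "Squid 5:"). Consider marking the new line as an audit write-up rather than a fix reference, so a reader scanning the entry for patches does not open it expecting a changeset. The same applies to the other NOTE lines this commit adds.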
@@ -168412,6 +168413,7 @@ CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch
+	NOTE: https://megamansec.github.io/Squid-Security-Audit/range-fatal.html
 CVE-2021-33614
 	RESERVED
 CVE-2021-33613
@@ -173465,6 +173467,7 @@ CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+	NOTE: https://megamansec.github.io/Squid-Security-Audit/range-assert-int.html
 CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An  ...)
 	{DSA-4924-1 DLA-2685-1}
 	- squid 4.13-10 (bug #989043)
@@ -173472,6 +173475,7 @@ CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+	NOTE: https://megamansec.github.io/Squid-Security-Audit/range-uaf.html
 CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
 	{DSA-4924-1 DLA-2685-1}
 	- squid 4.13-10 (bug #989043)
@@ -173479,6 +173483,7 @@ CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+	NOTE: https://megamansec.github.io/Squid-Security-Audit/range-assert.html
 CVE-2021-31805 (The fix issued for CVE-2020-17530 was incomplete. So from Apache Strut ...)
 	- libstruts1.2-java <not-affected> (Vulnerable code not present; fix for CVE-2020-17530 not applied; specific to 2.x)
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-062
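Review bot: CVE-2021-31808, CVE-2021-31807 and CVE-2021-31806 all carry the same advisory (GHSA-pxwq-f3qr-w2xf) and the same squid-4 changeset, so the lines added here and in the two hunks above (range-assert-int.html, range-uaf.html, range-assert.html) are the only per-CVE references in these entries. The CVE descriptions are truncated in the list, so the pairing cannot be checked from the diff. Please confirm each page against its CVE before merging and record in the commit message how the mapping was derived, since "more squid references" does not say.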
@@ -181758,6 +181763,7 @@ CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before
 	- squid 4.13-10 (bug #988891)
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
+	NOTE: https://megamansec.github.io/Squid-Security-Audit/vary-other-assert.html
 CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x thr ...)
 	NOT-FOR-US: ilverStripe GraphQL Server
 CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...)
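Review bot: not part of this change, but the context line under CVE-2021-28661 reads "NOT-FOR-US: ilverStripe GraphQL Server", which drops the leading "S" of SilverStripe as spelled in the CVE description one line above it. Worth a separate one-line fix so that searches on the product name find the entry.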
@@ -181809,12 +181815,14 @@ CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch
+	NOTE: https://megamansec.github.io/Squid-Security-Audit/cachemanager-memleak.html
 CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
 	{DSA-4924-1 DLA-2685-1}
 	- squid 4.13-10 (bug #988893)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-a975fd5aedc866629214aaaccb38376855351899.patch
+	NOTE: https://megamansec.github.io/Squid-Security-Audit/urn-memleak.html
 CVE-2021-28963 (Shibboleth Service Provider before 3.2.1 allows content injection beca ...)
 	{DSA-4872-1 DLA-2599-1}
 	- shibboleth-sp 3.2.1+dfsg1-1 (bug #985405)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ad5b218c5ecd7c30339f4c7bc417a333fca26e7
