[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2023-46728,squid: Mark Buster as ignored

Markus Koschany (@apo) apo at debian.org
Mon Jan 8 22:28:00 GMT 2024 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a58e795 by Markus Koschany at 2024-01-08T21:51:11+01:00
CVE-2023-46728,squid: Mark Buster as ignored

Gopher support has been removed upstream. Since Gopher is ancient and rarely
used, we recommend to reject all gopher URL requests.

- - - - -
9c498ef6 by Markus Koschany at 2024-01-08T23:24:45+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
0dada7df by Markus Koschany at 2024-01-08T23:25:58+01:00
CVE-2023-46728,squid: Mark Bullseye and Bookworm also as ignored

The same reasoning applies to newer releases. Gopher support has just been
removed, no fix is available and the simple workaround is to reject Gopher URLs
which in 2024 shouldn't be a problem.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13502,6 +13502,9 @@ CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS
 	NOT-FOR-US: Wagtail CRX CodeRed Extensions
 CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
 	- squid 6.1-1
+	[bookworm] - squid <ignored> (unsupported, Gopher support has been removed upstream)
+	[bullseye] - squid <ignored> (unsupported, Gopher support has been removed upstream)
+	[buster] - squid <ignored> (unsupported, Gopher support has been removed upstream)
 	NOTE: No code fix, gopher support was removed:
 	NOTE: https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 (SQUID_6_0_1)
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2f31272fab38603e91f0ec86d08b77d8ac71b410...0dada7df366d9b70323fc63d2605600605281d11

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2f31272fab38603e91f0ec86d08b77d8ac71b410...0dada7df366d9b70323fc63d2605600605281d11
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240108/8f9ef8fb/attachment.htm>

More information about the debian-security-tracker-commits mailing list