[Git][security-tracker-team/security-tracker][master] (CVE-2025-54574|CVE-2023-5824)/squid
Bastien Roucariès (@rouca)
rouca at debian.org
Fri Aug 15 22:06:21 BST 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34dbfe00 by Bastien Roucariès at 2025-08-15T23:06:09+02:00
(CVE-2025-54574|CVE-2023-5824)/squid
According to patches from other distributions, the commit fixing CVE-2025-54574
is the same as the fixes needed for CVE-2023-5824.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4025,6 +4025,7 @@ CVE-2025-54574 (Squid is a caching proxy for the Web. In versions 6.3 and below,
- squid 6.5-1
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3
NOTE: https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988 (SQUID_6_4)
+ NOTE: Same fix than CVE-2023-5824
CVE-2025-54564 (uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-co ...)
NOT-FOR-US: uploadsm in ChargePoint Home Flex
CVE-2025-53012 (MaterialX is an open standard for the exchange of rich material and lo ...)
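Review bot: The added line "NOTE: Same fix than CVE-2023-5824" under CVE-2025-54574 does not say which fix is meant. The NOTE directly above it cites a single commit (a27bf4b84da23594150c7a86a23435df0b35b988), while the CVE-2023-5824 entry touched by this same commit lists that commit as Fix [1/4] of a four-commit series. Please state whether CVE-2025-54574 is covered by that one commit or needs the whole series, so a backporter reading only this entry knows what to pick. Minor wording: "Same fix than" should read "Same fix as".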
@@ -186649,6 +186650,11 @@ CVE-2023-5824 (A flaw was found in Squid. The limits applied for validation of H
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
NOTE: https://megamansec.github.io/Squid-Security-Audit/cache-headers.html
+ NOTE: Fix [1/4] https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988 (6.4)
+ NOTE: Fix [2/4] https://github.com/squid-cache/squid/commit/57acdb7dcec38605ede048db82b495ba316e6311 (6.4)
+ NOTE: Fix [3/4] https://github.com/squid-cache/squid/commit/2f3efe5d9e1c9444cb3f95fc09cbbf52985f37bf (6.4)
+ NOTE: Fix [4/4] https://github.com/squid-cache/squid/commit/18209199f8c330176401eac7ef2deb06ca4389b9 (6.4)
+ NOTE: Fixing this CVE will fix CVE-2025-54574
CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...)
{DSA-5637-1 DLA-3709-1}
- squid 6.5-1 (bug #1054537)
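Review bot: The last added line, "NOTE: Fixing this CVE will fix CVE-2025-54574", is stated as fact, but the commit message bases it on patches from other distributions and no such patch is referenced in the entry. Adding a NOTE with the URL of the distribution patch or advisory that shows the shared fix would make the cross-reference verifiable. Also, the four "Fix [n/4]" lines tag the commits "(6.4)" while the CVE-2025-54574 entry tags the same commit a27bf4b8... as "(SQUID_6_4)"; using one form in both entries would make it easier to grep for.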
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34dbfe00c5daf92c2d9c63421d352ab88b6c5f24