[Git][security-tracker-team/security-tracker][master] Clarify upstream commits for CVE-2023-5824

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 16 08:01:46 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de57e61e by Salvatore Bonaccorso at 2025-08-16T09:01:06+02:00
Clarify upstream commits for CVE-2023-5824

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4028,7 +4028,7 @@ CVE-2025-54574 (Squid is a caching proxy for the Web. In versions 6.3 and below,
 	- squid 6.5-1
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3
 	NOTE: https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988 (SQUID_6_4)
-	NOTE: Same fix than CVE-2023-5824
+	NOTE: Included in set of fixes for CVE-2023-5824
 CVE-2025-54564 (uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-co ...)
 	NOT-FOR-US: uploadsm in ChargePoint Home Flex
 CVE-2025-53012 (MaterialX is an open standard for the exchange of rich material and lo ...)
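Review bot: The new note on the CVE-2025-54574 entry, "Included in set of fixes for CVE-2023-5824", does not say which member of that set applies, although the commit referenced just above it (a27bf4b8..., SQUID_6_4) is the same one the CVE-2023-5824 entry lists as [1/4]. Consider naming it, for example "NOTE: Same commit as [1/4] of the fixes for CVE-2023-5824", so a reader triaging a backport can tell that only this one commit is referenced here rather than all four.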
@@ -186654,11 +186654,11 @@ CVE-2023-5824 (A flaw was found in Squid. The limits applied for validation of H
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
 	NOTE: https://megamansec.github.io/Squid-Security-Audit/cache-headers.html
-	NOTE: Fix [1/4] https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988 (6.4)
-	NOTE: Fix [2/4] https://github.com/squid-cache/squid/commit/57acdb7dcec38605ede048db82b495ba316e6311 (6.4)
-	NOTE: Fix [3/4] https://github.com/squid-cache/squid/commit/2f3efe5d9e1c9444cb3f95fc09cbbf52985f37bf (6.4)
-	NOTE: Fix [4/4] https://github.com/squid-cache/squid/commit/18209199f8c330176401eac7ef2deb06ca4389b9 (6.4)
-	NOTE: Fixing this CVE will fix CVE-2025-54574
+	NOTE: Fixed by [1/4]: https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988 (SQUID_6_4)
+	NOTE: Fixed by [2/4]: https://github.com/squid-cache/squid/commit/57acdb7dcec38605ede048db82b495ba316e6311 (SQUID_6_5)
+	NOTE: Fixed by [3/4]: https://github.com/squid-cache/squid/commit/2f3efe5d9e1c9444cb3f95fc09cbbf52985f37bf (SQUID_6_5)
+	NOTE: Followup [4/4]: https://github.com/squid-cache/squid/commit/18209199f8c330176401eac7ef2deb06ca4389b9 (SQUID_6_6)
+	NOTE: Fixing this CVE will fix CVE-2025-54574 as well.
 CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...)
 	{DSA-5637-1 DLA-3709-1}
 	- squid 6.5-1 (bug #1054537)
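Review bot: On the CVE-2023-5824 entry, the [4/4] line is relabelled "Followup" and tagged SQUID_6_6, but the entry does not state whether that followup is required for the fix to count as complete or is optional hardening. The squid fixed-version line for this CVE is outside the visible context, so it is worth confirming that it is consistent with commits now tagged SQUID_6_4, SQUID_6_5 and SQUID_6_6, and adding a short NOTE saying whether a backport needs [4/4]. Separately, the release annotations change from "(6.4)" on all four lines to three different tags, which is a factual correction rather than a rewording; the commit message could mention that.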



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de57e61e54f35a9803cef1c105fb56c3184f2f54
