[Git][security-tracker-team/security-tracker][master] LTS: unclaim squid, update notes

Roberto C. Sánchez (@roberto) roberto at debian.org
Sat Jan 25 22:41:42 GMT 2025 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
478b3a42 by Roberto C. Sánchez at 2025-01-25T17:40:56-05:00
LTS: unclaim squid, update notes

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -243,14 +243,18 @@ sogo
   NOTE: 20240922: Added by Front-Desk (apo)
   NOTE: 20240922: See also postponed issues.
 --
-squid (roberto)
+squid
   NOTE: 20240308: Added by oldstable Security Team (apo)
   NOTE: 20240308: Readd squid to dsa-needed.txt
   NOTE: 20240308: There are still unfixed problems in both supported versions. Especially
   NOTE: 20240308: the fix for CVE-2023-5824 is kind of intrusive. (apo)
   NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
-  NOTE: 20240930: Backported most patches, help will be needed with CVE-2024-25111 and CVE-2023-46846 (roberto)
+  NOTE: 20240930: Backported most patches, help will be needed with CVE-2024-25111 (roberto)
   NOTE: 20241028: Sorted out all the patch backports. Still need to test (roberto)
+  NOTE: 20250125: Reviewing my previous work, it is clear that there is an error in the CVE-2024-25111 patch
+  NOTE: 20250125: I cannot figure out the right way to backport the call to the NaturalSum function
+  NOTE: 20250125: This requires someone who knows/understands c++17 semantics.
+  NOTE: 20250125: The other patches were straightforward, but I recommend reviewing them all the same (roberto)
 --
 suricata (Adrian Bunk)
   NOTE: 20250112: Added by Front-Desk (ta)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/478b3a4287cad8abcd1ac3b9f92f3aa14b6baab2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/478b3a4287cad8abcd1ac3b9f92f3aa14b6baab2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250125/721ee2d6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list