[Git][security-tracker-team/security-tracker][master] Reserve DLA-4083-1 for squid

Tue Mar 11 11:58:58 GMT 2025


Jochen Sprickerhof pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48eb1d29 by Jochen Sprickerhof at 2025-03-11T12:58:48+01:00
Reserve DLA-4083-1 for squid

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Mar 2025] DLA-4083-1 squid - security update
+	{CVE-2024-25111 CVE-2024-37894 CVE-2024-45802}
+	[bullseye] - squid 4.13-10+deb11u4
 [10 Mar 2025] DLA-4082-1 ruby2.7 - security update
 	{CVE-2025-27219 CVE-2025-27220 CVE-2025-27221}
 	[bullseye] - ruby2.7 2.7.4-1+deb11u5


=====================================
data/dla-needed.txt
=====================================
@@ -267,19 +267,6 @@ sogo
   NOTE: 20240922: Added by Front-Desk (apo)
   NOTE: 20240922: See also postponed issues.
 --
-squid (jspricke)
-  NOTE: 20240308: Added by oldstable Security Team (apo)
-  NOTE: 20240308: Readd squid to dsa-needed.txt
-  NOTE: 20240308: There are still unfixed problems in both supported versions. Especially
-  NOTE: 20240308: the fix for CVE-2023-5824 is kind of intrusive. (apo)
-  NOTE: 20240815: A bookworm DSA is planned (Beuc/front-desk)
-  NOTE: 20240930: Backported most patches, help will be needed with CVE-2024-25111 (roberto)
-  NOTE: 20241028: Sorted out all the patch backports. Still need to test (roberto)
-  NOTE: 20250125: Reviewing my previous work, it is clear that there is an error in the CVE-2024-25111 patch
-  NOTE: 20250125: I cannot figure out the right way to backport the call to the NaturalSum function
-  NOTE: 20250125: This requires someone who knows/understands c++17 semantics.
-  NOTE: 20250125: The other patches were straightforward, but I recommend reviewing them all the same (roberto)
---
 suricata (abhijith)
   NOTE: 20250112: Added by Front-Desk (ta)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48eb1d29a2d69da60b927d5260bad4019e7a659e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48eb1d29a2d69da60b927d5260bad4019e7a659e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250311/53d25c8f/attachment-0001.htm>
