[Git][security-tracker-team/security-tracker][master] Reserve DLA-4312-1 for squid

Bastien Roucariès (@rouca) rouca at debian.org
Sat Sep 27 16:11:41 BST 2025



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1588d84b by Bastien Roucariès at 2025-09-27T17:11:25+02:00
Reserve DLA-4312-1 for squid

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -202470,7 +202470,6 @@ CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS
 CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
 	- squid 6.1-1
 	[bookworm] - squid <ignored> (unsupported, Gopher support has been removed upstream)
-	[bullseye] - squid <ignored> (unsupported, Gopher support has been removed upstream)
 	[buster] - squid <ignored> (unsupported, Gopher support has been removed upstream)
 	NOTE: No code fix, gopher support was removed:
 	NOTE: https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 (SQUID_6_0_1)
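Review bot: With the [bullseye] <ignored> line dropped under CVE-2023-46728, the entry no longer says how bullseye is addressed: the remaining NOTE still reads "No code fix, gopher support was removed", and bookworm and buster stay <ignored> for that same reason. Suggest adding a NOTE that states what the bullseye upload changes for this CVE, so the fixed status can be checked against the package.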
@@ -202500,7 +202499,6 @@ CVE-2023-46847 (Squid is vulnerable to a Denial of Service,  where a remote atta
 CVE-2023-5824 (A flaw was found in Squid. The limits applied for validation of HTTP r ...)
 	{DSA-5982-1}
 	- squid 6.5-1 (bug #1055249)
-	[bullseye] - squid <ignored> (Minor impact, too intrusive to backport to 5.x)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
 	NOTE: https://megamansec.github.io/Squid-Security-Audit/cache-headers.html
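Review bot: The removed [bullseye] line for CVE-2023-5824 recorded the fix as "Minor impact, too intrusive to backport to 5.x", and nothing left in the entry explains why that assessment was reversed. A NOTE pointing at the backported patch, or at the upstream commits it is based on, would let later readers verify the bullseye fix against the GHSA-543m-w2m2-g255 advisory already referenced here.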


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Sep 2025] DLA-4312-1 squid - security update
+	{CVE-2023-5824 CVE-2023-46728 CVE-2025-54574}
+	[bullseye] - squid 4.13-10+deb11u5
 [26 Sep 2025] DLA-4311-1 thunderbird - security update
 	{CVE-2025-10527 CVE-2025-10528 CVE-2025-10529 CVE-2025-10532 CVE-2025-10533 CVE-2025-10536 CVE-2025-10537}
 	[bullseye] - thunderbird 1:140.3.0esr-1~deb11u1
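Review bot: CVE-2025-54574 is in the CVE set for DLA-4312-1, but the data/CVE/list hunks in this commit only drop [bullseye] annotations for CVE-2023-5824 and CVE-2023-46728. Worth confirming that the CVE-2025-54574 entry carries no leftover [bullseye] line that would conflict with the fixed version 4.13-10+deb11u5 recorded here.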


=====================================
data/dla-needed.txt
=====================================
@@ -372,11 +372,6 @@ sogo
   NOTE: 20240922: See also postponed issues.
   NOTE: 20250609: Please take care of vulnerable embed js (rouca)
 --
-squid (rouca)
-  NOTE: 20250805: Added by Front-Desk (rouca)
-  NOTE: 20250815: will need to fix CVE-2023-5824
-  NOTE: 20250821: DSA 5982-1 released fixing CVE-2023-5824 and CVE-2025-54574 (dleidert)
---
 suricata
   NOTE: 20250331: re added to fix next bunch of CVEs (ta)
   NOTE: 20250825: testing package (ta)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1588d84b67f387bdda78e8126b16f94717f01de3



More information about the debian-security-tracker-commits mailing list