On 19/04/20 6:52 am, Marcus Kool wrote: > Amos, > The latest version of Squid is 4.10. Do you mean "fixed in 4.10" > instead of "fixed in 4.8" ? > No, these CVE were fixed in 4.8. The advisory was embargoed for another issue, which is has taken too long and now going to be fixed in a later release. Amos > Thanks, > Marcus > > On 18/04/2020 14:10, Amos Jeffries wrote: >> __________________________________________________________________ >> >> Squid Proxy Cache Security Update Advisory SQUID-2019:4 >> __________________________________________________________________ >> >> Advisory ID: SQUID-2019:4 >> Date: April 18, 2020 >> Summary: Multiple Issues >> in HTTP Request processing. >> Affected versions: Squid 3.5.18 -> 3.5.28 >> Squid 4.0.10 -> 4.7 >> Fixed in version: Squid 4.8 >> __________________________________________________________________ >> >> http://www.squid-cache.org/Advisories/SQUID-2019_4.txt >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520 >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524 >> __________________________________________________________________ >> _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
