I am not sure if you have any contact with the Debian maintainers. I raised a bug with Debian in March asking for 4.10 to get promoted to buster-backports on the grounds of security fixes. If we’re on the stable release (buster) we are stuck with 4.6 until the next stable release (up to 2 years), use the testing release which has other changes or we have to compile our own.
MarkJ
On 19 Apr 2020, at 1:33 pm, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 19/04/20 6:52 am, Marcus Kool wrote:Amos,
The latest version of Squid is 4.10. Do you mean "fixed in 4.10"
instead of "fixed in 4.8" ?
No, these CVE were fixed in 4.8. The advisory was embargoed for anotherissue, which is has taken too long and now going to be fixed in a laterrelease.AmosThanks,
Marcus
On 18/04/2020 14:10, Amos Jeffries wrote:
__________________________________________________________________
Squid Proxy Cache Security Update Advisory SQUID-2019:4
__________________________________________________________________
Advisory ID: SQUID-2019:4
Date: April 18, 2020
Summary: Multiple Issues
in HTTP Request processing.
Affected versions: Squid 3.5.18 -> 3.5.28
Squid 4.0.10 -> 4.7
Fixed in version: Squid 4.8
__________________________________________________________________
http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524
__________________________________________________________________
_______________________________________________squid-users mailing listsquid-users@xxxxxxxxxxxxxxxxxxxxxhttp://lists.squid-cache.org/listinfo/squid-users
|
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
