On 2024-08-26 02:23, Alexandru Mateescu wrote:
In October 2023 the free vulnerabilities scanner of Greenbone (Openvas)
has started reporting high vulnerabilities on squid for all versions.
When I questioned them about it they indicated
https://megamansec.github.io/Squid-Security-Audit/ as their source of
truth and to date they have not reduced the score of the vulnerability
causing extensive issues for me and my security team.
I further asked them about it and they are looking for a published list
of security advisories about these vulnerabilities.
FWIW, the official list of recent Squid advisories is at
https://github.com/squid-cache/squid/security/advisories/
Some year-2020 and earlier advisories are available at
http://www.squid-cache.org/Advisories/
Needless to say, converting the above information into a list dedicated
to "Joshua 55" report (and to Squid v6.10) requires a lot of work.
Would it be possible to issue such a list for whichever ones are fixed
to date in squid 6.10
Yes, it is possible. FWIW, I built a similar _unofficial_ list at
https://gist.github.com/rousskov/9af0d33d2a1f4b5b3b948b2da426e77d
Please note that any meaningful list would heavily depend on Squid build
options and runtime configuration in this case, as detailed in a recent
squid-users email:
https://lists.squid-cache.org/pipermail/squid-users/2024-August/027043.html
HTH,
Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
