From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] squid: Update to 4.13
Date: Mon, 24 Aug 2020 10:49:19 +0100 [thread overview]
Message-ID: <058E3319-3719-42AA-96D8-7DB5A997E5E6@ipfire.org> (raw)
In-Reply-To: <20200823124258.3114-1-matthias.fischer@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 2109 bytes --]
Thank you for working on this so quickly.
-Michael
> On 23 Aug 2020, at 13:42, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>
> For details see:
> http://www.squid-cache.org/Versions/v4/changesets/
>
> and
>
> http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
>
> Fixes (excerpt):
>
> "* SQUID-2020:8 HTTP(S) Request Splitting
> (CVE-2020-15811)
>
> This problem is serious because it allows any client, including
> browser scripts, to bypass local security and poison the browser
> cache and any downstream caches with content from an arbitrary
> source.
>
> * SQUID-2020:9 Denial of Service processing Cache Digest Response
> (CVE pending allocation)
>
> This problem allows a trusted peer to deliver to perform Denial
> of Service by consuming all available CPU cycles on the machine
> running Squid when handling a crafted Cache Digest response
> message.
>
> * SQUID-2020:10 HTTP(S) Request Smuggling
> (CVE-2020-15810)
>
> This problem is serious because it allows any client, including
> browser scripts, to bypass local security and poison the proxy
> cache and any downstream caches with content from an arbitrary
> source.
>
> * Bug 5051: Some collapsed revalidation responses never expire
>
> * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
>
> * Honor on_unsupported_protocol for intercepted https_port"
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/squid | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lfs/squid b/lfs/squid
> index ebd25e42e..3a53315d7 100644
> --- a/lfs/squid
> +++ b/lfs/squid
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 4.12
> +VER = 4.13
>
> THISAPP = squid-$(VER)
> DL_FILE = $(THISAPP).tar.xz
> @@ -46,7 +46,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = ad7a4a8a0031cae3435717a759173829
> +$(DL_FILE)_MD5 = 492e54afc15821141ff1d1d9903854d6
>
> install : $(TARGET)
>
> --
> 2.18.0
>
prev parent reply other threads:[~2020-08-24 9:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-23 12:42 Matthias Fischer
2020-08-24 9:49 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=058E3319-3719-42AA-96D8-7DB5A997E5E6@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox