From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] squid: Update to 4.13
Date: Mon, 24 Aug 2020 10:49:19 +0100
Message-ID: <058E3319-3719-42AA-96D8-7DB5A997E5E6@ipfire.org>
In-Reply-To: <20200823124258.3114-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7610235921879611379=="
List-Id:

--===============7610235921879611379==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Thank you for working on this so quickly.

-Michael

> On 23 Aug 2020, at 13:42, Matthias Fischer wrote:
>
> For details see:
> http://www.squid-cache.org/Versions/v4/changesets/
>
> and
>
> http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
>
> Fixes (excerpt):
>
> "* SQUID-2020:8 HTTP(S) Request Splitting
>   (CVE-2020-15811)
>
>   This problem is serious because it allows any client, including
>   browser scripts, to bypass local security and poison the browser
>   cache and any downstream caches with content from an arbitrary
>   source.
>
> * SQUID-2020:9 Denial of Service processing Cache Digest Response
>   (CVE pending allocation)
>
>   This problem allows a trusted peer to deliver to perform Denial
>   of Service by consuming all available CPU cycles on the machine
>   running Squid when handling a crafted Cache Digest response
>   message.
>
> * SQUID-2020:10 HTTP(S) Request Smuggling
>   (CVE-2020-15810)
>
>   This problem is serious because it allows any client, including
>   browser scripts, to bypass local security and poison the proxy
>   cache and any downstream caches with content from an arbitrary
>   source.
>
> * Bug 5051: Some collapsed revalidation responses never expire
>
> * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
>
> * Honor on_unsupported_protocol for intercepted https_port"
>
> Signed-off-by: Matthias Fischer > --- > lfs/squid | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/lfs/squid b/lfs/squid > index ebd25e42e..3a53315d7 100644 > --- a/lfs/squid > +++ b/lfs/squid > @@ -24,7 +24,7 @@ >=20 > include Config >=20 > -VER =3D 4.12 > +VER =3D 4.13 >=20 > THISAPP =3D squid-$(VER) > DL_FILE =3D $(THISAPP).tar.xz > @@ -46,7 +46,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_MD5 =3D ad7a4a8a0031cae3435717a759173829 > +$(DL_FILE)_MD5 =3D 492e54afc15821141ff1d1d9903854d6 >=20 > install : $(TARGET) >=20 > --=20 > 2.18.0 >=20 --===============7610235921879611379==--
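
Review bot: In the second hunk of lfs/squid, `$(DL_FILE)_MD5` is the only integrity check visible for the new squid-4.13 tarball, and MD5 is not collision-resistant, so it does not by itself show that the archive is the one upstream released. Since this update is taken for the request splitting and request smuggling fixes, please confirm the download against the upstream project's published signature or a stronger digest before this is merged, and say in the commit message where the new checksum value was obtained.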