From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/squid: security bump to version 4.14
Date: Tue, 30 Mar 2021 08:10:03 +0200 [thread overview]
Message-ID: <20210330061003.23351-1-peter@korsgaard.com> (raw)
Fixes the following security issues:
- CVE-2020-25097: HTTP Request Smuggling
Due to improper input validation Squid is vulnerable to an HTTP Request
Smuggling attack.
For more details, see the advisory:
https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/squid/squid.hash | 8 ++++----
package/squid/squid.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/squid/squid.hash b/package/squid/squid.hash
index b7e051960e..a2aaba5fd5 100644
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@@ -1,6 +1,6 @@
-# From http://www.squid-cache.org/Versions/v4/squid-4.13.tar.xz.asc
-md5 492e54afc15821141ff1d1d9903854d6 squid-4.13.tar.xz
-sha1 cac95c18789e9ecd6620c2f278fc3900498c065b squid-4.13.tar.xz
+# From http://www.squid-cache.org/Versions/v4/squid-4.14.tar.xz.asc
+md5 7d9ba82703cd770b2ede169a0c1de94a squid-4.14.tar.xz
+sha1 71ae13a845a6a7ffc69ce11086ea3e427625bc08 squid-4.14.tar.xz
# Locally calculated
-sha256 6891a0f540e60779b4f24f1802a302f813c6f473ec7336a474ed68c3e2e53ee0 squid-4.13.tar.xz
+sha256 f1097daa6434897c159bc100978b51347c0339041610845d0afa128151729ffc squid-4.14.tar.xz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index a3ccbbcf8e..7e6865f8ed 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SQUID_VERSION = 4.13
+SQUID_VERSION = 4.14
SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
SQUID_SITE = http://www.squid-cache.org/Versions/v4
SQUID_LICENSE = GPL-2.0+
--
2.20.1
next reply other threads:[~2021-03-30 6:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-30 6:10 Peter Korsgaard [this message]
2021-03-30 15:15 ` [Buildroot] [PATCH] package/squid: security bump to version 4.14 Peter Korsgaard
2021-04-03 10:21 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210330061003.23351-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.