From: Peter Seiderer <ps.report@gmx.net>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v1 2/2] package/squid: security bump to version 4.15
Date: Sun, 13 Jun 2021 00:33:09 +0200
Message-ID: <20210613003309.284dafe4@gmx.net>
In-Reply-To: <20210612222749.25669-2-ps.report@gmx.net>

Forget this one (sent by mistake - git format-patch master -2 vs.
git format patch -2), sorry for the noise...

Regards,
Peter

On Sun, 13 Jun 2021 00:27:49 +0200, Peter Seiderer <ps.report@gmx.net> wrote:
> From: Peter Korsgaard <peter@korsgaard.com>
>
> Fixes the following security issues:
>
> - CVE-2021-28651: Denial of Service in URN processing
> Due to a buffer management bug Squid is vulnerable to a Denial of service
> attack against the server it is operating on.
>
> This attack is limited to proxies which attempt to resolve a "urn:"
> resource identifier. Support for this resolving is enabled by default in
> all Squid.
>
> https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
>
> - CVE-2021-28652: Denial of Service issue in Cache Manager
> Due to an incorrect parser validation bug Squid is vulnerable to a Denial
> of Service attack against the Cache Manager API.
>
> https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
>
> - CVE-2021-28662: Denial of Service in HTTP Response Processing
> Due to an input validation bug Squid is vulnerable to a Denial of Service
> against all clients using the proxy.
>
> https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
>
> - CVE-2021-31806, CVE-2021-31807, CVE-2021-31808: Multiple Issues in HTTP
> Range header
> Due to an incorrect input validation bug Squid is vulnerable to
> a Denial of Service attack against all clients using the proxy.
>
> https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
>
> - CVE-2021-33620: Denial of Service in HTTP Response processing
> Due to an input validation bug Squid is vulnerable to a Denial of Service
> against all clients using the proxy.
>
> https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/squid/squid.hash | 8 ++++----
> package/squid/squid.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/squid/squid.hash b/package/squid/squid.hash
> index a2aaba5fd5..12a9e5d293 100644
> --- a/package/squid/squid.hash
> +++ b/package/squid/squid.hash
> @@ -1,6 +1,6 @@
> -# From http://www.squid-cache.org/Versions/v4/squid-4.14.tar.xz.asc
> -md5 7d9ba82703cd770b2ede169a0c1de94a squid-4.14.tar.xz
> -sha1 71ae13a845a6a7ffc69ce11086ea3e427625bc08 squid-4.14.tar.xz
> +# From http://www.squid-cache.org/Versions/v4/squid-4.15.tar.xz.asc
> +md5 a593de9dc888dfeca4f1f7db2cd7d3b9 squid-4.15.tar.xz
> +sha1 60bda34ba39657e2d870c8c1d2acece8a69c3075 squid-4.15.tar.xz
> # Locally calculated
> -sha256 f1097daa6434897c159bc100978b51347c0339041610845d0afa128151729ffc squid-4.14.tar.xz
> +sha256 b693a4e5ab2811a8a854f60de0a62afbbf3a952bb1d047952c9ae01321f84a25 squid-4.15.tar.xz
> sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
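
Review bot: In the squid.hash hunk the new md5 and sha1 lines come from the upstream .asc, which the comment cites by an http:// URL, and the sha256 is only marked "Locally calculated", so nothing in the file records that the tarball's PGP signature was checked before the hash was computed. md5 and sha1 are not collision-resistant, so the sha256 line is the one carrying the integrity guarantee for the download. I would suggest saying so in the comment, e.g. "# Locally calculated after checking pgp signature", if the signature in squid-4.15.tar.xz.asc was in fact verified.
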
> diff --git a/package/squid/squid.mk b/package/squid/squid.mk
> index 7e6865f8ed..b23a8d26ed 100644
> --- a/package/squid/squid.mk
> +++ b/package/squid/squid.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -SQUID_VERSION = 4.14
> +SQUID_VERSION = 4.15
> SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
> SQUID_SITE = http://www.squid-cache.org/Versions/v4
> SQUID_LICENSE = GPL-2.0+
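
Review bot: SQUID_SITE, in the unchanged context of the squid.mk hunk, still points at http://www.squid-cache.org/Versions/v4, so the 4.15 tarball for this security bump is fetched over an unauthenticated channel and its integrity rests entirely on the entries in squid.hash. If upstream serves the same path over https, consider switching SQUID_SITE to it in this bump or in a follow-up. The SQUID_VERSION change itself matches the squid-4.15.tar.xz names in the hash file.
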