From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6
Date: Sat, 27 Aug 2022 09:59:26 +0200 [thread overview]
Message-ID: <20220827075926.GO37358@scaer> (raw)
In-Reply-To: <20220826212254.37425-1-fontaine.fabrice@gmail.com>
Fabrice, All,
On 2022-08-26 23:22 +0200, Fabrice Fontaine spake thusly:
> Fix CVE-2021-46784: In Squid 3.x through 3.5.28, 4.x through 4.17, and
> 5.x before 5.6, due to improper buffer management, a Denial of Service
> can occur when processing long Gopher server responses.
>
> https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/squid/squid.hash | 8 ++++----
> package/squid/squid.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/squid/squid.hash b/package/squid/squid.hash
> index e18ed8961e..22c6db8c70 100644
> --- a/package/squid/squid.hash
> +++ b/package/squid/squid.hash
> @@ -1,6 +1,6 @@
> -# From http://www.squid-cache.org/Versions/v5/squid-5.3.tar.xz.asc
> -md5 9249f30169ab6600e53b4f9b8129b3b0 squid-5.3.tar.xz
> -sha1 d3a8310c725616fa7565d60f3bf8fdf5fa20b15a squid-5.3.tar.xz
> +# From http://www.squid-cache.org/Versions/v5/squid-5.6.tar.xz.asc
> +md5 2f2201a18a0a727ab589d951ebe4f815 squid-5.6.tar.xz
> +sha1 a01f47b3e9ff06245c894773de30bfd88ab14f65 squid-5.6.tar.xz
> # Locally calculated
> -sha256 45178588df1311ded41ebadd632840c4d93a8d7f5f60e38e74acf2f1ae2f1715 squid-5.3.tar.xz
> +sha256 38d27338a347597ce0e93d0c3be6e5f66b6750417c474ca87ee0d61bb6d148db squid-5.6.tar.xz
> sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
> diff --git a/package/squid/squid.mk b/package/squid/squid.mk
> index 3847fb49dc..86a0c714c6 100644
> --- a/package/squid/squid.mk
> +++ b/package/squid/squid.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -SQUID_VERSION = 5.3
> +SQUID_VERSION = 5.6
> SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
> SQUID_SITE = http://www.squid-cache.org/Versions/v5
> SQUID_LICENSE = GPL-2.0+
> --
> 2.35.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-08-27 7:59 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-26 21:22 [Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6 Fabrice Fontaine
2022-08-27 7:59 ` Yann E. MORIN [this message]
2022-09-17 15:40 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220827075926.GO37358@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@buildroot.org \
--cc=fontaine.fabrice@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.