[Buildroot] [PATCH] package/squid: security bump to version 4.13
Peter Korsgaard
peter at korsgaard.com
Sat Aug 29 11:37:21 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> CVE-2020-15810: HTTP(S) Request Smuggling
> Due to incorrect data validation Squid is vulnerable to HTTP Request
> Smuggling attacks against HTTP and HTTPS traffic. This leads to cache
> poisoning.
> https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
> CVE-2020-15811: HTTP(S) Request Splitting
> Due to incorrect data validation Squid is vulnerable to HTTP Request
> Splitting attacks against HTTP and HTTPS traffic. This leads to cache
> poisoning.
> https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
> CVE-2020-24606: Denial of Service processing Cache Digest Response
> Due to Improper Input Validation Squid is vulnerable to a Denial of Service
> attack against the machine operating Squid.
> https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list