Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 674116 (CVE-2018-19131, CVE-2018-19132) - net-proxy/squid: multiple vulnerabilities
Summary: net-proxy/squid: multiple vulnerabilities
Status: RESOLVED INVALID
Alias: CVE-2018-19131, CVE-2018-19132
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: http://www.squid-cache.org/Advisories/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-30 19:02 UTC by Hanno Böck
Modified: 2019-03-04 20:04 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2018-12-30 19:02:46 UTC
See
http://www.squid-cache.org/Advisories/

At least the latest two seem to be unfixed in current Gentoo:

SQUID-2018:5 (CVE-2018-19132), Oct 28, 2018
Fixed from 4.4 
Denial of Service issue in in SNMP processing.

SQUID-2018:4 (CVE-2018-19131), Oct 28, 2018
Fixed from 4.4 
Cross-Site Scripting issue in TLS error processing.
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-03-04 20:04:22 UTC
I have added 4.x just now and masked for testing, still the bug would be irrelevant as we only have 3.x widely used yet, while 3.x and 4.x branches are quite different.