CVE-2021-28116 (http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html): Due to an out of bounds memory access Squid is vulnerable to an information leak vulnerability when processing WCCPv2 messages. Fixed in Squid 4.17 and 5.2 CVE-2021-41611 (http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000139.html): When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. Fixed in 5.2. Please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44539b076743101a4421d4ef45bd8ee5dedbb046 commit 44539b076743101a4421d4ef45bd8ee5dedbb046 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-15 02:06:57 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-15 02:07:01 +0000 net-proxy/squid: drop 4.15-r3, 5.4.1-r2 Bug: https://bugs.gentoo.org/816246 Signed-off-by: Sam James <sam@gentoo.org> net-proxy/squid/Manifest | 2 - net-proxy/squid/files/squid-4.3-gentoo.patch | 79 -------- net-proxy/squid/squid-4.15-r3.ebuild | 280 -------------------------- net-proxy/squid/squid-5.4.1-r2.ebuild | 285 --------------------------- 4 files changed, 646 deletions(-)
This is long since fixed, can this bug be closed please?
