Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 674116 (CVE-2018-19131, CVE-2018-19132)

Summary: net-proxy/squid: multiple vulnerabilities
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: eras, zlogene
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.squid-cache.org/Advisories/
Whiteboard:
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2018-12-30 19:02:46 UTC
See
http://www.squid-cache.org/Advisories/

At least the latest two seem to be unfixed in current Gentoo:

SQUID-2018:5 (CVE-2018-19132), Oct 28, 2018
Fixed from 4.4 
Denial of Service issue in in SNMP processing.

SQUID-2018:4 (CVE-2018-19131), Oct 28, 2018
Fixed from 4.4 
Cross-Site Scripting issue in TLS error processing.
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-03-04 20:04:22 UTC
I have added 4.x just now and masked for testing, still the bug would be irrelevant as we only have 3.x widely used yet, while 3.x and 4.x branches are quite different.