Bug 816246

Summary:	<net-proxy/squid-4.17: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	hlein, hydrapolic, maintainer-needed, mgorny, zlogene
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---
Bug Depends on:	835771
Bug Blocks:

Description John Helmert III archtester

2021-10-04 12:10:27 UTC

CVE-2021-28116 (http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html):

Due to an out of bounds memory access Squid is vulnerable to an information leak vulnerability when processing WCCPv2 messages.

Fixed in Squid 4.17 and 5.2

CVE-2021-41611 (http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000139.html):

When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted.

Fixed in 5.2.


Please bump.

Comment 1 Larry the Git Cow gentoo-dev

2023-01-15 02:08:01 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44539b076743101a4421d4ef45bd8ee5dedbb046

commit 44539b076743101a4421d4ef45bd8ee5dedbb046
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-01-15 02:06:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-15 02:07:01 +0000

    net-proxy/squid: drop 4.15-r3, 5.4.1-r2
    
    Bug: https://bugs.gentoo.org/816246
    Signed-off-by: Sam James <sam@gentoo.org>

 net-proxy/squid/Manifest                     |   2 -
 net-proxy/squid/files/squid-4.3-gentoo.patch |  79 --------
 net-proxy/squid/squid-4.15-r3.ebuild         | 280 --------------------------
 net-proxy/squid/squid-5.4.1-r2.ebuild        | 285 ---------------------------
 4 files changed, 646 deletions(-)

Comment 2 Hank Leininger 2024-02-06 23:03:10 UTC

This is long since fixed, can this bug be closed please?