
Bug 917615 (CVE-2023-46728, SQUID-2020:13, SQUID-2021:8)

Summary: <net-proxy/squid-6.2: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: hlein, proxy-maint
Priority: Normal
Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/34106
Whiteboard: C3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 919054    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-20 03:32:32 UTC
SQUID-2020:13 (https://lists.squid-cache.org/pipermail/squid-announce/2023-September/000152.html):

" Due to a buffer overflow bug Squid is vulnerable to a Denial of Service
 attack against Squid's gopher gateway."

SQUID-2021:8 (https://lists.squid-cache.org/pipermail/squid-announce/2023-September/000153.html):

" Due to a NULL pointer de-reference bug Squid is vulnerable to
 a Denial of Service attack against Squid's Gopher gateway."

So the affected functionality is just removed in 6.0.1, I guess we
need to stabilize >6 and clean up <6.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-21 01:20:27 UTC
CVE-2023-46728 == SQUID-2021:8
Comment 2 Larry the Git Cow gentoo-dev 2023-12-07 06:21:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a2b11bf740e489bd7f00271bc26c1d1bdba27de

commit 2a2b11bf740e489bd7f00271bc26c1d1bdba27de
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2023-12-03 17:39:07 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2023-12-07 06:20:54 +0000

    net-proxy/squid: drop 5.7-r1, 5.8, 5.9, 6.2, 6.4
    
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Bug: https://bugs.gentoo.org/917615
    Bug: https://bugs.gentoo.org/916334
    Closes: https://github.com/gentoo/gentoo/pull/34106
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 net-proxy/squid/Manifest                     |   5 -
 net-proxy/squid/files/squid-5.3-gentoo.patch |  87 ------
 net-proxy/squid/files/squid.initd-r5         | 125 ---------
 net-proxy/squid/squid-5.7-r1.ebuild          | 380 --------------------------
 net-proxy/squid/squid-5.8.ebuild             | 382 --------------------------
 net-proxy/squid/squid-5.9.ebuild             | 382 --------------------------
 net-proxy/squid/squid-6.2.ebuild             | 383 --------------------------
 net-proxy/squid/squid-6.4.ebuild             | 386 ---------------------------
 8 files changed, 2130 deletions(-)