From ${URL} :
A reflected cross-site scripting vulnerability is present in the blocking script squidGuard.cgi. The vulnerability is triggered when a user clicks a link to a blocked site where the URL has scripting instructions added.
External references: http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201
CVE request: http://seclists.org/oss-sec/2016/q2/569
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
@maintainer, fix is in the 1.5 release.
The 1.5 available on the website matches the beta that is already in the tree.
(In reply to Jeroen Roovers from comment #2)
> The 1.5 available on the website matches the beta that is already in the
> tree.
--- squidGuard-1.4-patch-20150201/squidGuard.cgi 2015-02-02 03:43:27.000000000 +0900
+++ squidGuard-1.5-beta/samples/squidGuard.cgi.in 2010-09-09 19:34:32.000000000 +0900
Compared the upstream patch set for 1.4 against the 1.5 beta release in tree. All is good.
@maintainer(s), please clean up the vulnerable version in tree.
Vulnerable versions are removed from tree