* SQUID-2020-5 (CVE-2020-14059) Description: "Due to an Incorrect Synchronization, Squid is vulnerable to a Denial of Service attack when processing objects in an SMP cache." Advisory: http://www.squid-cache.org/Advisories/SQUID-2020_5.txt Advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr * SQUID-2020-6 (CVE-2020-14058) Description: "Due to use of a potentially dangerous function Squid and the default certificate validation helper are vulnerable to a Denial of Service attack when processing TLS certificates." Advisory: http://www.squid-cache.org/Advisories/SQUID-2020_6.txt Advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
Please bump to 4.13.
Ebuild for 4.12 with the debug patch removed makes it compilable at least.
Let us know when ready to stable.
Unable to check for sanity: > no match for package: =net-misc/squid-4.12
Acked on IRC
amd64 stable
arm stable
ppc64 stable
x86 stable
ppc stable. Maintainer(s), please cleanup. Security, please vote.
GLSA vote: no.