$URL is official, but not yet up to date.
https://marc.info/?l=oss-security&m=166391421412647&w=4
SQUID-2022:1 - CVE-2022-41317 Information disclosure in cache manager
https://marc.info/?l=oss-security&m=166391436712744&w=4
SQUID-2022:2 - CVE-2022-41318 Buffer overflow / memory leak in SSPI and SMB auth
Both are fixed in squid-5.7. There is an outstanding bump request to 5.7 (https://bugs.gentoo.org/869968), but it is generic, created before these security issues were disclosed.
Thanks for reporting!
Not sure if zlogene will get to this, feel free to make a PR
(In reply to John Helmert III from comment #2)
> Not sure if zlogene will get to this, feel free to make a PR
Working on it, got changes locally, but I overhauled the whole thing, so having to test it out
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69e685162ba2ccf86cf04e7ba544718bc9ae41d4
commit 69e685162ba2ccf86cf04e7ba544718bc9ae41d4
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-09-24 06:19:24 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-09-29 02:14:37 +0000
    net-proxy/squid: add 5.7
    Bug: https://bugs.gentoo.org/858845
    Bug: https://bugs.gentoo.org/872551
    Closes: https://bugs.gentoo.org/706126
    Closes: https://bugs.gentoo.org/869968
    Signed-off-by: Sam James <sam@gentoo.org>
 net-proxy/squid/Manifest | 1 +
 net-proxy/squid/squid-5.7.ebuild | 362 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 363 insertions(+)
The ebuild has changed a fair bit so won't rush to stable it just yet.
This is long since fixed, can this bug be closed please?
commit 8b6de11b7479f646a9f935ca3295aae637b124aa
Author: Hank Leininger <hlein@korelogic.com>
Date: Sat Jun 17 12:34:30 2023 -0600
    net-proxy/squid: drop 4.17-r1
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Closes: https://github.com/gentoo/gentoo/pull/31518
    Signed-off-by: Sam James <sam@gentoo.org>