$URL is official, but not yet up to date.

https://marc.info/?l=oss-security&m=166391421412647&w=4
SQUID-2022:1 - CVE-2022-41317 Information disclosure in cache manager

https://marc.info/?l=oss-security&m=166391436712744&w=4
SQUID-2022:2 - CVE-2022-41318 Buffer overflow / memory leak in SSPI and SMB auth

Both are fixed in squid-5.7. There is an outstanding bump request to 5.7 (https://bugs.gentoo.org/869968), but it is generic, created before these security issues were disclosed.
Thanks for reporting!
Not sure if zlogene will get to this, feel free to make a PR
(In reply to John Helmert III from comment #2)
> Not sure if zlogene will get to this, feel free to make a PR

Working on it, got changes locally, but I overhauled the whole thing, so having to test it out
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69e685162ba2ccf86cf04e7ba544718bc9ae41d4

commit 69e685162ba2ccf86cf04e7ba544718bc9ae41d4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-09-24 06:19:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-09-29 02:14:37 +0000

    net-proxy/squid: add 5.7

    Bug: https://bugs.gentoo.org/858845
    Bug: https://bugs.gentoo.org/872551
    Closes: https://bugs.gentoo.org/706126
    Closes: https://bugs.gentoo.org/869968
    Signed-off-by: Sam James <sam@gentoo.org>

 net-proxy/squid/Manifest         |   1 +
 net-proxy/squid/squid-5.7.ebuild | 362 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 363 insertions(+)
The ebuild has changed a fair bit so won't rush to stable it just yet.