SQUID-2020:13 (https://lists.squid-cache.org/pipermail/squid-announce/2023-September/000152.html): " Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack against Squid's gopher gateway." SQUID-2021:8 (https://lists.squid-cache.org/pipermail/squid-announce/2023-September/000153.html): " Due to a NULL pointer de-reference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway." So the affected functionality is just removed in 6.0.1, I guess we need to stablize >6 and cleanup <6.
CVE-2023-46728 == SQUID-2021:8
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a2b11bf740e489bd7f00271bc26c1d1bdba27de commit 2a2b11bf740e489bd7f00271bc26c1d1bdba27de Author: Hank Leininger <hlein@korelogic.com> AuthorDate: 2023-12-03 17:39:07 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2023-12-07 06:20:54 +0000 net-proxy/squid: drop 5.7-r1, 5.8, 5.9, 6.2, 6.4 Signed-off-by: Hank Leininger <hlein@korelogic.com> Bug: https://bugs.gentoo.org/917615 Bug: https://bugs.gentoo.org/916334 Closes: https://github.com/gentoo/gentoo/pull/34106 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> net-proxy/squid/Manifest | 5 - net-proxy/squid/files/squid-5.3-gentoo.patch | 87 ------ net-proxy/squid/files/squid.initd-r5 | 125 --------- net-proxy/squid/squid-5.7-r1.ebuild | 380 -------------------------- net-proxy/squid/squid-5.8.ebuild | 382 -------------------------- net-proxy/squid/squid-5.9.ebuild | 382 -------------------------- net-proxy/squid/squid-6.2.ebuild | 383 -------------------------- net-proxy/squid/squid-6.4.ebuild | 386 --------------------------- 8 files changed, 2130 deletions(-)