Univention Bugzilla – Bug 52966
squid3: Multiple issues (4.4)
Last modified: 2021-03-24 15:58:58 CET
New Debian squid3 3.5.23-5+deb9u6A~4.4.7.202103220941 fixes:
This update addresses the following issue:
* improper input validation may allow a trusted client to perform HTTP Request Smuggling (CVE-2020-25097)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/squid3_3.5.23-5+deb9u5A~4.4.0.202012171304.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/squid3_3.5.23-5+deb9u6A~4.4.7.202103220941.dsc @@ -1,10 +1,17 @@ -3.5.23-5+deb9u5A~4.4.0.202012171304 [Thu, 17 Dec 2020 13:04:30 +0100] Univention builddaemon <buildd@univention.de>: +3.5.23-5+deb9u6A~4.4.7.202103220941 [Mon, 22 Mar 2021 09:46:09 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 001-enable-ssl 005-squid-4-14311 006-postinst 009-sec-update-ssl-52182 + +3.5.23-5+deb9u6 [Fri, 19 Mar 2021 00:55:46 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix HTTP Request Smuggling (Fixes: CVE-2020-25097) (Closes: # 985068) + - Due to improper input validation Squid is vulnerable to an HTTP + Request Smuggling attack. 3.5.23-5+deb9u5 [Fri, 02 Oct 2020 16:01:53 +0200] Markus Koschany <apo@debian.org>: <http://piuparts.knut.univention.de/4.4-7/#671368722833089612>
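Review bot: the added 3.5.23-5+deb9u6 changelog entry names CVE-2020-25097 and the Debian bug it closes, but not the patch file or upstream commit that was backported, and the list of Univention patches above it (001-enable-ssl through 009-sec-update-ssl-52182) is unchanged. The request-smuggling fix therefore cannot be traced from these lines alone. Recording the patch name in the bug or erratum text would let the backport be audited against upstream.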
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 116be08851 Bug #52966: squid3 3.5.23-5+deb9u6A~4.4.7.202103220941
 doc/errata/staging/squid3.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x928>