Univention Bugzilla – Bug 54907
squid: Multiple issues (5.0)
Last modified: 2022-07-06 16:43:01 CEST
New Debian squid 4.6-1+deb10u7A~5.0.1.202206281116 fixes: This update addresses the following issues: * out-of-bounds read in WCCP protocol data may lead to information disclosure (CVE-2021-28116) * DoS when processing gopher server responses (CVE-2021-46784)
--- mirror/ftp/pool/main/s/squid/squid_4.6-1+deb10u6A~5.0.0.202106051546.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/squid_4.6-1+deb10u7A~5.0.1.202206281116.dsc @@ -1,8 +1,15 @@ -4.6-1+deb10u6A~5.0.0.202106051546 [Sat, 05 Jun 2021 15:46:50 +0200] Univention builddaemon <buildd@univention.de>: +4.6-1+deb10u7A~5.0.1.202206281116 [Tue, 28 Jun 2022 11:17:31 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 001-enable-ssl 005-squid-4-14311 + +4.6-1+deb10u7 [Sun, 26 Jun 2022 09:46:03 +0200] Santiago Garcia Mantinan <manty@debian.org>: + + * Add patch to fix a Denial of Service in Gopher Processing. + Fixes: CVE-2021-46784. + * Add patch to fix Out-Of-Bounds memory access in WCCPv2. + Fixes: CVE-2021-28116. 4.6-1+deb10u6 [Mon, 31 May 2021 10:39:12 +0200] Santiago Garcia Mantinan <manty@debian.org>: <http://piuparts.knut.univention.de/5.0-1/#4188431155698113770>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-1] 5019f9ce3d Bug #54907: squid 4.6-1+deb10u7A~5.0.1.202206281116 doc/errata/staging/squid.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [5.0-1] b3ea09846b Bug #54907: squid 4.6-1+deb10u7A~5.0.1.202206281116 doc/errata/staging/squid.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x343>