Package: squid Version: 6.3-1 Severity: grave Tags: security patch X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Hi, https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2725 links to a bunch of squid advisories, three of which have CVSS scores of 9+: https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255 https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh Squid 6.4 includes the fix; patches for 6.3 are provided, but don't apply cleanly to the Debian sources. Please package a non-vulnerable version ASAP. Thanks! AndrĂ¡s -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (350, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Init: runit (via /run/runit.stopit) LSM: AppArmor: enabled -- Computers are not intelligent. They only think they are.
