[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage squid3 for stretch LTS (CVE-2020-25097 & CVE-2021-28116).

Tue, 16 Mar 2021 04:12:36 -0700 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82c50362 by Chris Lamb at 2021-03-16T11:12:10+00:00
data/dla-needed.txt: Triage squid3 for stretch LTS (CVE-2020-25097 & 
CVE-2021-28116).

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -133,6 +133,10 @@ spotweb
   NOTE: 20210122: Upstream fix trivially bypassed, reported under CVE-2021-3286
   NOTE: 20210127: Upstream says "we can fix this but it may take some time", 
revisit later (Beuc)
 --
+squid3
+  NOTE: 20210316: Patch is for squid 4.0, but vulnerable to in CVE-2020-25097 
in src/url.cc. (lamby)
+  NOTE: 20210316: Also check CVE-2021-28116. (lamby)
+--
 subversion (Thorsten Alteholz)
   NOTE: 20210307: solving build problems (on IPv6 only host)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82c503623cdf27337861d7e556c646437a36795a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82c503623cdf27337861d7e556c646437a36795a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to