Re: [squid-users] 2 year old security bugs not fixed?

[Amos Jeffries]

On 14/10/23 04:19, Dieter Bloms wrote:

Hello,

I stumbled across this page
https://joshua.hu/squid-security-audit-35-0days-45-exploits and wonder
if all these security holes are really still there.

Can someone from the developers give a status?

Thank you very much.




We continue to close the vulnerabilities we can. In the order we deem 
most urgent based on what we know of common use cases for Squid.


Some issues listed are missing their fix references, so the situation is 
(slightly) better than first appearances.  Right now I am going through 
the list again cross-checking his given titles against our security team 
records to make sure all of them have had the appropriate triage done 
and get his CVE references updated.




To quote the article:

"
The Squid Team have been helpful and supportive during the process of 
reporting these issues. However, they are effectively understaffed, and 
simply do not have the resources to fix the discovered issues. Hammering 
them with demands to fix the issues won’t get far.

"

If anyone wishes to help please volunteer in squid-dev or squid-bugs 
mailing lists.  has 
all the starter info.




Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users

[squid-users] 2 year old security bugs not fixed?

[Dieter Bloms]

Hello,

I stumbled across this page
https://joshua.hu/squid-security-audit-35-0days-45-exploits and wonder
if all these security holes are really still there.

Can someone from the developers give a status?

Thank you very much.

-- 
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users