We are waiting on it. Sorry summer time :) Best regards, Rafael Akchurin
> Op 3 aug. 2018 om 21:06 heeft Kumpf, Scott <sku...@ouc.com> het volgende > geschreven: > > Greetings, > > Checking in to see how the new Squid for Windows build is coming along, is > there an update? Is there a tentative release date? > > *Subject is incorrect---ignore 'splunk' > > Scott Kumpf > Sr. Network Engineer-EMS (Contractor) > Orlando Utilities Commission > Office: (407) 434-4305 / Cell: (386) 547-2698 > Email: sku...@ouc.com > > > > > -----Original Message----- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Rafael Akchurin > Sent: Saturday, July 28, 2018 1:36 AM > To: Amos Jeffries <squ...@treenet.co.nz> > Cc: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] splunk 3.5.27-Sec Advisories > > Hello Amos, Scott, > > Will try building now. Shall be possible by the end of next week I hope. > > Best regards, > Rafael Akchurin > >>> Op 28 jul. 2018 om 07:23 heeft Amos Jeffries <squ...@treenet.co.nz> het >>> volgende geschreven: >>> >>> On 28/07/18 08:48, Kumpf, Scott wrote: >>> Greetings, >>> >>> The organization I work for is running Splunk for Windows version 3.5.27 >>> which is impacted by 3 security vulnerabilities that were released earlier >>> this year. From what I can tell, our squid implementation was installed >>> using an MSI package from Diladele. It is my understanding per the >>> advisories, the first point of contact for support is the >>> maintainer/package vendor. Diladele referred me back to Squid Developers >>> and the only version that they have made available is version 3.5.27. As I >>> am not too familiar with source code packaging or compiling, I am in search >>> for some guidance on available options to mitigate or remediate these >>> vulnerabilities. I believe 2 of them have workarounds that can be >>> implemented by modifying the squid.conf. >>> As I am not aware of how to determine how this version was configured at >>> time of build therefore am not 100% certain if my implementation is even >>> vulnerable. Supposing the software is at risk, the advisories indicate >>> there are patches available for each issue, however, I'm not clear on what >>> to do with the information that the patch link presents. >>> >> >> The command line "squid -v" will list the build options used for your >> particular binary along with its particular version. The advisory >> section titled "Determining if your version is vulnerable:" is a >> checklist to compare against your Squid. One statement there should >> match your particular Squid installation. >> >> The fixes for all these are in our 3.5.28 bundle from 10 days ago. I >> have not made the official announcements yet (thanks for the reminder) >> so Diladele may have not been aware. >> >> I've cc'd Rafael on this reply and also opened an issue in the tracker >> specifically notifying of the release so they can start on that while >> I do the write-up. >> <https://github.com/diladele/squid-windows/issues/81> >> >> >> HTH >> Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > ________________________________ > > DISCLAIMER: > Florida has a very broad public records law. As a result, any written > communication created or received by Orlando Utilities Commission officials > and employees will be made available to the public and media, upon request, > unless otherwise exempt. Under Florida law, email addresses are public > records. If you do not want your email address released in response to a > public records request, do not send electronic mail to this office. Instead, > contact our office by phone or in writing. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
