From 335a196703ce613b91a7fb3aac93f1bb6495e3740d3289278a5084c7db781018 Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Mon, 29 Jan 2024 11:23:56 +0000 Subject: [PATCH 1/2] add bugzilla entry OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=286 --- squid.changes | 2 +- squid.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/squid.changes b/squid.changes index 9c0e08c..e332bc2 100644 --- a/squid.changes +++ b/squid.changes @@ -11,7 +11,7 @@ Thu Dec 28 22:12:14 UTC 2023 - Sean Lewis - log_db_daemon: Fix DSN construction - Limit the number of allowed X-Forwarded-For hops - Do not update StoreEntry expiration after errorAppendEntry() - - improve handling of response sending errors + - improve handling of response sending errors (bsc#1219131, CVE-2024-23638) ------------------------------------------------------------------- Wed Oct 25 14:32:33 UTC 2023 - Adam Majer diff --git a/squid.spec b/squid.spec index b0c3684..b4cc008 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ # # spec file for package squid # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed From 1b2dbe0e67ac493a7d157357feed149528e0eba9cb844bd836ebdf9364134e15 Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Mon, 29 Jan 2024 13:38:27 +0000 Subject: [PATCH 2/2] add missing CVEs OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=287 --- squid.changes | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/squid.changes b/squid.changes index e332bc2..074dc63 100644 --- a/squid.changes +++ b/squid.changes 
@@ -9,10 +9,17 @@ Thu Dec 28 22:12:14 UTC 2023 - Sean Lewis - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled - FTP: Ignore credenials with a NUL-prefixed username - log_db_daemon: Fix DSN construction - - Limit the number of allowed X-Forwarded-For hops + - Limit the number of allowed X-Forwarded-For hops (bsc#1217654, CVE-2023-50269) - Do not update StoreEntry expiration after errorAppendEntry() - improve handling of response sending errors (bsc#1219131, CVE-2024-23638) +- changes in 6.5: + - Bug 5309: frequent "lowestOffset () <= target_offset" assertion + - Bug 4977: Remove mem_hdr::freeDataUpto() assertion + - Fix handling of expanding HTTP header values + - Fix RFC 1123 date parsing (bsc#1217813, CVE-2023-49285) + - Gracefully shutdown when helper process startup fails (bsc#1217815, CVE-2023-49286) + ------------------------------------------------------------------- Wed Oct 25 14:32:33 UTC 2023 - Adam Majer @@ -23,6 +30,7 @@ Wed Oct 25 14:32:33 UTC 2023 - Adam Majer + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847) + Denial of Service in FTP (bsc#1216498, CVE-2023-46848) + Fix validation of certificates (bsc#1216803, CVE-2023-46724) + + One-Byte Buffer OverRead in HTTP Request Header Parsing (bsc#1217274) * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL * Bug 4981: Work around in-call job invalidation bugs * basic_smb_lm_auth: fix 'no previous declaration' warnings @@ -43,7 +51,7 @@ Tue Sep 19 16:20:19 UTC 2023 - Adam Majer ------------------------------------------------------------------- Wed Aug 9 07:48:25 UTC 2023 - Paolo Stivanin -- update to 6.2: +- update to 6.2 (bsc#1217825, CVE-2023-49288, bsc#1216497): * Major UI changes: - Remove 8K limit for single access.log line - Add tls_key_log to report TLS communication secrets
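Review bot: in the first patch's squid.changes hunk (@@ -11,7 +11,7 @@), only the "improve handling of response sending errors" item gains its bsc#1219131 / CVE-2024-23638 reference, while the sibling items of the same Dec 28 2023 entry (for example "Limit the number of allowed X-Forwarded-For hops") are left unannotated and then picked up by the second patch. Both patches edit the same changelog entry for the same purpose, so squashing them into one "add missing bug/CVE references" commit would give a cleaner history and a single place for a reviewer to check that every security fix in the entry carries its identifier.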
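Review bot: the squid.spec hunk (@@ -1,7 +1,7 @@) bumps the copyright year from 2023 to 2024, which is unrelated to the commit subject "add bugzilla entry". Either mention the year bump in the commit message or move it to its own commit, so that someone bisecting or auditing the security annotations does not have to wonder why the spec file changed.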
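Review bot: in the second patch's first squid.changes hunk (@@ -9,10 +9,17 @@), the new "changes in 6.5:" block is inserted into the Dec 28 2023 entry with two items carrying references ("Fix RFC 1123 date parsing (bsc#1217813, CVE-2023-49285)" and "Gracefully shutdown when helper process startup fails (bsc#1217815, CVE-2023-49286)") while the other three 6.5 items carry none; if those are non-security changes that is fine, but it is worth stating in the commit message that the remaining items were checked and have no bug or CVE assigned. Since this hunk already touches the entry, the unchanged context line "FTP: Ignore credenials with a NUL-prefixed username" could be corrected to "credentials" in the same change.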
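Review bot: in the hunk @@ -23,6 +30,7 @@, the added line "+ One-Byte Buffer OverRead in HTTP Request Header Parsing (bsc#1217274)" is the only security item in that block without a CVE identifier, whereas the three lines above it pair each bsc number with a CVE. Given the commit subject "add missing CVEs", the commit message should say whether no CVE has been assigned for this issue or whether the identifier is still to be added, so the omission does not look accidental to anyone auditing the changelog later.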
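Review bot: in the hunk @@ -43,7 +51,7 @@, the references are attached to the version line itself ("- update to 6.2 (bsc#1217825, CVE-2023-49288, bsc#1216497):") rather than to the specific bullet that fixes each issue, which is the convention used by the other entries in this hunk and the ones above it. Also, bsc#1217825 is paired with CVE-2023-49288 but bsc#1216497 stands alone; if that bug has no CVE, say so in the commit message. Finally, this annotates the Aug 9 2023 entry retroactively from a January 2024 commit, so readers of the latest entry will not see these references; consider repeating them in the current entry as well.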