bug#47142: closed (squid package vulnerable to CVE-2021-28116)

emacs-bug-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47142: closed (squid package vulnerable to CVE-2021-28116)

From:	GNU bug Tracking System
Subject:	bug#47142: closed (squid package vulnerable to CVE-2021-28116)
Date:	Wed, 23 Mar 2022 03:07:03 +0000

Your message dated Tue, 22 Mar 2022 23:05:54 -0400
with message-id <87ils5z7u5.fsf@gmail.com>
and subject line Re: bug#47142: squid package vulnerable to CVE-2021-28116
has caused the debbugs.gnu.org bug report #47142,
regarding squid package vulnerable to CVE-2021-28116
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
47142: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=47142
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

--- Begin Message --- Subject: squid package vulnerable to CVE-2021-28116 Date: Sun, 14 Mar 2021 17:34:38 -0400

I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten.

      Mark

-------------------- Start of forwarded message --------------------
Subject: squid package vulnerable to CVE-2021-28116
From: Léo Le Bouter <lle-bout@zaclys.net>
To: guix-devel@gnu.org
Date: Wed, 10 Mar 2021 01:22:51 +0100

CVE-2021-28116  09.03.21 23:15
Squid through 4.14 and 5.x through 5.0.5, in some configurations,
allows information disclosure because of an out-of-bounds read in WCCP
protocol data. This can be leveraged as part of a chain for remote code
execution as nobody.

Upstream did not release a patch yet. CVE entry to be monitored for a
fix.

https://www.zerodayinitiative.com/advisories/ZDI-21-157/ - says it is a
low impact issue.

signature.asc
Description: This is a digitally signed message part

-------------------- End of forwarded message --------------------

--- End Message ---

--- Begin Message --- Subject: Re: bug#47142: squid package vulnerable to CVE-2021-28116 Date: Tue, 22 Mar 2022 23:05:54 -0400 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello,

Mark H Weaver <mhw@netris.org> writes:

> I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten.
>
>       Mark
>
> -------------------- Start of forwarded message --------------------
> Subject: squid package vulnerable to CVE-2021-28116
> From: Léo Le Bouter <lle-bout@zaclys.net>
> To: guix-devel@gnu.org
> Date: Wed, 10 Mar 2021 01:22:51 +0100
>
> CVE-2021-28116        09.03.21 23:15
> Squid through 4.14 and 5.x through 5.0.5, in some configurations,

We're now using squid 4.17.

Closing.

Thanks,

Maxim

--- End Message ---

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47142: closed (squid package vulnerable to CVE-2021-28116), GNU bug Tracking System <=

Prev by Date: bug#47019: closed (Rust 1.26.2 from the master branch fails to build on aarch64-linux)
Next by Date: bug#47009: closed (Python 3.8.2 build failure during 'guix pull')
Previous by thread: bug#47019: closed (Rust 1.26.2 from the master branch fails to build on aarch64-linux)
Next by thread: bug#47009: closed (Python 3.8.2 build failure during 'guix pull')
Index(es):
- Date
- Thread