
Bug#1120694: bookworm-pu: package squid3/5.7-2+deb12u5



Control: tags -1 + confirmed

On Fri, 2025-11-14 at 21:40 +0100, Bastien Roucaries wrote:
> [ Reason ]
> 
>   * Fix CVE-2023-46728:
>     Due to a NULL pointer dereference bug Squid is vulnerable
>     to a Denial of Service attack against Squid's Gopher gateway.
>   * Fix CVE-2025-59362 (Closes: #1117048)
>     Squid mishandles ASN.1 encoding of long SNMP OIDs.
>   * Remove Gopher support
>   * Fix CVE-2024-45802: Disable ESI feature support.
>     Due to Input Validation, Premature Release of Resource During Expected
>     Lifetime, and Missing Release of Resource after Effective Lifetime bugs,
>     Squid is vulnerable to Denial of Service attacks by a trusted server
>     against all clients using the proxy. This problem is fixed by changing
>     the build configuration to specify the --disable-esi option.

Please go ahead.

Regards,

Adam

