git.libre-soc.org Git - buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Sat, 29 Aug 2020 09:51:19 +0000 (11:51 +0200)
committer	Yann E. MORIN <yann.morin.1998@free.fr>
	Sat, 29 Aug 2020 10:03:45 +0000 (12:03 +0200)
commit	71ac106bb3b4759d5a050ecade9ba687a27801ff
tree	99a428e116fd828d1632dd3dfab6c55331ffa00e	tree
parent	0ed8bf6d2b3314e5c66d134c2362560e384b25f0	commit \| diff

package/squid: security bump to version 4.13

Fixes the following security issues:

CVE-2020-15810: HTTP(S) Request Smuggling
Due to incorrect data validation Squid is vulnerable to HTTP Request
Smuggling attacks against HTTP and HTTPS traffic. This leads to cache
poisoning.
https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m

CVE-2020-15811: HTTP(S) Request Splitting
Due to incorrect data validation Squid is vulnerable to HTTP Request
Splitting attacks against HTTP and HTTPS traffic. This leads to cache
poisoning.
https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv

CVE-2020-24606: Denial of Service processing Cache Digest Response
Due to Improper Input Validation Squid is vulnerable to a Denial of Service
attack against the machine operating Squid.
https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

package/squid/squid.hash		diff \| blob \| history
package/squid/squid.mk		diff \| blob \| history