Path to this page:
Subject: CVS commit: [pkgsrc-2021Q1] pkgsrc/www/squid4
From: Benny Siegert
Date: 2021-05-31 15:28:45
Message id: 20210531132845.9D6CBFA95@cvs.NetBSD.org
Log Message:
Pullup ticket #6465 - requested by taca
www/squid4: security fix
Revisions pulled up:
- www/squid4/Makefile 1.18
- www/squid4/distinfo 1.11
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 10 14:22:57 UTC 2021
Modified Files:
pkgsrc/www/squid4: Makefile distinfo
Log Message:
www/squid4: update to 4.15
This release fixes these security issues from prior release.
* SQUID-2020:11 HTTP Request Smuggling
(CVE-2020-25097)
* SQUID-2021:1 Denial of Service in URN processing
(CVE-2021-28651)
* SQUID-2021:2 Denial of Service in HTTP Response Processing
(CVE-2021-28662)
* SQUID-2021:3 Denial of Service issue in Cache Manager
(CVE-2021-28652)
* SQUID-2021:4 Multiple issues in HTTP Range header
(CVE-2021-31806, CVE-2021-31807, CVE-2021-31808)
* SQUID-2021:5 Denial of Service in HTTP Response Processing
(CVE pending allocation)
Changes in squid-4.15 (10 May 2021):
- Bug 5112: Excessively loud chunked reply parsing error reporting
- Bug 5106: Broken cache manager URL parsing
- Bug 5104: Memory leak in RFC 2169 response parsing
- Bug 3556: "FD ... is not an open socket" for accept() problems
- Profiling: CPU timing implemented for MAC non-x86
- Fix HttpHeaderStats definition to include hoErrorDetail
- Fix Squid-to-client write_timeout triggers client_lifetime timeout
- Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
- Handle more Range requests
- Handle more partial responses
- Stop processing a response if the Store entry is gone
- ... and some portability fixes
- ... and some documentation updates
Files: