Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2021-05-31 15:28:45 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6465 - requested by taca
www/squid4: security fix

Revisions pulled up:
- www/squid4/Makefile                                           1.18
- www/squid4/distinfo                                           1.11

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon May 10 14:22:57 UTC 2021

   Modified Files:
   	pkgsrc/www/squid4: Makefile distinfo

   Log message:
   www/squid4: update to 4.15

   This release fixes these security issues from prior release.

   * SQUID-2020:11 HTTP Request Smuggling
     (CVE-2020-25097)
   * SQUID-2021:1 Denial of Service in URN processing
     (CVE-2021-28651)
   * SQUID-2021:2 Denial of Service in HTTP Response Processing
     (CVE-2021-28662)
   * SQUID-2021:3 Denial of Service issue in Cache Manager
     (CVE-2021-28652)
   * SQUID-2021:4 Multiple issues in HTTP Range header
     (CVE-2021-31806, CVE-2021-31807, CVE-2021-31808)
   * SQUID-2021:5 Denial of Service in HTTP Response Processing
     (CVE pending allocation)

   Changes in squid-4.15 (10 May 2021):

   	- Bug 5112: Excessively loud chunked reply parsing error reporting
   	- Bug 5106: Broken cache manager URL parsing
   	- Bug 5104: Memory leak in RFC 2169 response parsing
   	- Bug 3556: "FD ... is not an open socket" for accept() problems
   	- Profiling: CPU timing implemented for MAC non-x86
   	- Fix HttpHeaderStats definition to include hoErrorDetail
   	- Fix Squid-to-client write_timeout triggers client_lifetime timeout
   	- Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
   	- Handle more Range requests
   	- Handle more partial responses
   	- Stop processing a response if the Store entry is gone
   	- ... and some portability fixes
   	- ... and some documentation updates

Next | Query returned 1 messages, browsing 1 to 10 | previous