File _patchinfo of Package patchinfo.19785

<patchinfo incident="19785">
  <issue tracker="bnc" id="1185918">VUL-0: CVE-2021-28652: squid,squid3:  SQUID-2021:3 Denial of Service issue in Cache Manager</issue>
  <issue tracker="bnc" id="1185916">VUL-0: CVE-2021-31806: squid,squid3: SQUID-2021:4 Multiple Issues in HTTP Range header</issue>
  <issue tracker="bnc" id="1185923">VUL-0: squid,squid3:  SQUID-2021:5 Denial of Service in HTTP Response processing</issue>
  <issue tracker="bnc" id="1185919">VUL-0: CVE-2021-28662: squid,squid3:  SQUID-2021:2 Denial of Service in HTTP Response Processing</issue>
  <issue tracker="bnc" id="1171164">AUDIT-TASK: permissions: %_libexecdir changes from /usr/lib to /usr/libexec, affects multiple entries</issue>
  <issue tracker="bnc" id="1171569">AUDIT-1: squid: permissions and location of /usr/sbin/basic_pam_auth</issue>
  <issue tracker="bnc" id="1185921">VUL-0: CVE-2021-28651: squid,squid3: SQUID-2021:1 Denial of Service in URN processing</issue>
  <issue tracker="bnc" id="1183436">VUL-0: CVE-2020-25097: squid: HTTP Request Smuggling (SQUID-2020:11)</issue>
  <issue tracker="cve" id="2021-28652"/>
  <issue tracker="cve" id="2020-25097"/>
  <issue tracker="cve" id="2021-28651"/>
  <issue tracker="cve" id="2021-28662"/>
  <issue tracker="cve" id="2021-31806"/>
  <summary>Security update for squid</summary>
  <description>This update for squid fixes the following issues:

- update to 4.15:
- CVE-2021-28652: Broken cache manager URL parsing (bsc#1185918)
- CVE-2021-28651: Memory leak in RFC 2169 response parsing (bsc#1185921)
- CVE-2021-28662: Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs (bsc#1185919)
- CVE-2021-31806: Handle more Range requests (bsc#1185916)
- CVE-2020-25097: HTTP Request Smuggling vulnerability (bsc#1183436)
- Handle more partial responses (bsc#1185923)
- fix previous change to reinstante permissions macros, because the wrong path has been used (bsc#1171569).
- use libexecdir instead of libdir to conform to recent changes in Factory (bsc#1171164).
- Reinstate permissions macros for pinger binary, because the permissions
  package is also responsible for setting up the cap_net_raw capability,
  currently a fresh squid install doesn't get a capability bit at all (bsc#1171569).
- Change pinger and basic_pam_auth helper to use standard permissions. pinger uses cap_net_raw=ep instead (bsc#1171569)
openSUSE Build Service is sponsored by