Overview

Request 715608 superseded

- Update to squid 4.8:
+ Ignore ECONNABORTED in accept(2)
+ RFC 7230 forbids generation of userinfo subcomponent of https URL
+ cachemgr.cgi: unallocated memory access resulting in a potential
denial of service. (bsc#1141442, CVE-2019-12854)
+ terminating c-strings beyond BASE64_DECODE_LENGTH
+ Replace uudecode with libnettle base64 decoder fixing a denial
of service vulnerability (bsc#1141329, CVE-2019-12529)
+ fix to_localhost does not include ::
+ Fix GCC-9 build issues
+ Fix Digest auth parameter parsing preventing a potential
denial of service (bsc#1141332, CVE-2019-12525)
+ Update HttpHeader::getAuth to SBuf which prevents a potential
heap overflowing allowing a possible remote code execution
attack when processing HTTP Authentication credentials
(bsc#1141330, CVE-2019-12527)
+ Add the NO_TLSv1_3 option to available tls-options values
+ Fix handling of tiny invalid responses
+ Fix Memory leak when http_reply_access uses external_acl
+ Fix Multiple XSS issues in cachemgr.cgi
(bsc#1140738, CVE-2019-13345)
- disable LTO to as a workaround to tests failing

Loading...
Request History
Adam Majer's avatar

adamm created request

- Update to squid 4.8:
+ Ignore ECONNABORTED in accept(2)
+ RFC 7230 forbids generation of userinfo subcomponent of https URL
+ cachemgr.cgi: unallocated memory access resulting in a potential
denial of service. (bsc#1141442, CVE-2019-12854)
+ terminating c-strings beyond BASE64_DECODE_LENGTH
+ Replace uudecode with libnettle base64 decoder fixing a denial
of service vulnerability (bsc#1141329, CVE-2019-12529)
+ fix to_localhost does not include ::
+ Fix GCC-9 build issues
+ Fix Digest auth parameter parsing preventing a potential
denial of service (bsc#1141332, CVE-2019-12525)
+ Update HttpHeader::getAuth to SBuf which prevents a potential
heap overflowing allowing a possible remote code execution
attack when processing HTTP Authentication credentials
(bsc#1141330, CVE-2019-12527)
+ Add the NO_TLSv1_3 option to available tls-options values
+ Fix handling of tiny invalid responses
+ Fix Memory leak when http_reply_access uses external_acl
+ Fix Multiple XSS issues in cachemgr.cgi
(bsc#1140738, CVE-2019-13345)
- disable LTO to as a workaround to tests failing


Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto's avatar

factory-auto accepted review

Check script succeeded


Ismail Dönmez's avatar

namtrac accepted review


Staging Bot's avatar

staging-bot added openSUSE:Factory:Staging:adi:41 as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:41"


Staging Bot's avatar

staging-bot accepted review

Picked openSUSE:Factory:Staging:adi:41


Adam Majer's avatar

adamm superseded request

superseded by 715745

openSUSE Build Service is sponsored by