Request 746661: Submit squid - openSUSE Build Service

Overview

Request 746661 accepted

- Update to squid 4.9:
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
(CVE-2019-13345, bsc#1140738)
* fixes heap overflow in URN processing
(CVE-2019-12526, bsc#1156326)
* fixes multiple issues in URI processing
(CVE-2019-12523, CVE-2019-18676, bsc#1156329)
* fixes Cross-Site Request Forgery in HTTP Request processing
(CVE-2019-18677, bsc#1156328)
* fixes HTTP Request Splitting in HTTP message processing
(CVE-2019-18678, bsc#1156323)
* fixes information disclosure in HTTP Digest Authentication
(CVE-2019-18679, bsc#1156324)
* lower cache_peer hostname - this showed up as DNS failures
if peer name was configured with any upper case characters
* TLS: Multiple SSL-Bump fixes
* TLS: Fix expiration of self-signed generated certs to be 3 years
* TLS: Fix on_unsupported_protocol tunnel action
* Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed

Created by adamm over 4 years ago
In state accepted

Submit squid

Comments for request 746661 0

Login required, please login in order to comment

Request History

adamm created request over 4 years ago

- Update to squid 4.9:
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
(CVE-2019-13345, bsc#1140738)
* fixes heap overflow in URN processing
(CVE-2019-12526, bsc#1156326)
* fixes multiple issues in URI processing
(CVE-2019-12523, CVE-2019-18676, bsc#1156329)
* fixes Cross-Site Request Forgery in HTTP Request processing
(CVE-2019-18677, bsc#1156328)
* fixes HTTP Request Splitting in HTTP message processing
(CVE-2019-18678, bsc#1156323)
* fixes information disclosure in HTTP Digest Authentication
(CVE-2019-18679, bsc#1156324)
* lower cache_peer hostname - this showed up as DNS failures
if peer name was configured with any upper case characters
* TLS: Multiple SSL-Bump fixes
* TLS: Fix expiration of self-signed generated certs to be 3 years
* TLS: Fix on_unsupported_protocol tunnel action
* Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed

factory-auto added opensuse-review-team as a reviewer over 4 years ago

Please review sources

factory-auto accepted review over 4 years ago

Check script succeeded

licensedigger accepted review over 4 years ago

ok

staging-bot added as a reviewer over 4 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:adi:33"

staging-bot accepted review over 4 years ago

Picked openSUSE:Factory:Staging:adi:33

namtrac accepted review over 4 years ago

staging-bot accepted review over 4 years ago

ready to accept

staging-bot approved review over 4 years ago

ready to accept

dimstar_suse accepted request over 4 years ago

Accept to openSUSE:Factory

openSUSE Build Service is sponsored by