Format: 1.8
Date: Tue, 11 Mar 2025 10:31:43 +0100
Source: squid
Architecture: source
Version: 4.13-10+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Luigi Gangitano <luigi@debian.org>
Changed-By: Jochen Sprickerhof <jspricke@debian.org>
Changes:
 squid (4.13-10+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
 .
   [ Roberto C. Sánchez ]
   * Fix CVE-2024-25111: a possible Denial of Service attack against HTTP
     Chunked decoder due to an uncontrolled recursion bug. This problem
     allows a remote attacker to cause Denial of Service when sending a
     crafted, chunked, encoded HTTP Message.
   * Fix CVE-2024-37894: due to an Out-of-bounds Write error when assigning
     ESI variables, Squid is susceptible to a Memory Corruption error. This
     error can lead to a Denial of Service attack.
   * Fix CVE-2024-45802: Disable ESI feature support.
     - Due to Input Validation, Premature Release of Resource During
       Expected Lifetime, and Missing Release of Resource after Effective
       Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a
       trusted server against all clients using the proxy. This problem is
       fixed by changing the build configuration to specify the
       --disable-esi option.
 .
   [ Jochen Sprickerhof ]
   * Fix patch for CVE-2024-25111 and use -std=c++17