diff mbox series

package/squid: security bump to version 5.7

Message ID 20221018082548.1987175-1-peter@korsgaard.com
State Accepted
Headers show
Series package/squid: security bump to version 5.7 | expand

Commit Message

Peter Korsgaard Oct. 18, 2022, 8:25 a.m. UTC 
Fixes the following security issues:

- CVE-2022-41317: Exposure of Sensitive Information in Cache Manager
  https://www.openwall.com/lists/oss-security/2022/09/23/1

- CVE-2022-41318: Buffer Over Read in SSPI and SMB Authentication
  https://www.openwall.com/lists/oss-security/2022/09/23/2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/squid/squid.hash | 8 ++++----
 package/squid/squid.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

Comments

Peter Korsgaard Oct. 26, 2022, 8:53 a.m. UTC | #1 
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2022-41317: Exposure of Sensitive Information in Cache Manager
 >   https://www.openwall.com/lists/oss-security/2022/09/23/1

 > - CVE-2022-41318: Buffer Over Read in SSPI and SMB Authentication
 >   https://www.openwall.com/lists/oss-security/2022/09/23/2

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.
Peter Korsgaard Nov. 5, 2022, 4:47 p.m. UTC | #2 
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2022-41317: Exposure of Sensitive Information in Cache Manager
 >   https://www.openwall.com/lists/oss-security/2022/09/23/1

 > - CVE-2022-41318: Buffer Over Read in SSPI and SMB Authentication
 >   https://www.openwall.com/lists/oss-security/2022/09/23/2

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2022.08.x and 2022.02.x, thanks.
diff mbox series

Patch

diff --git a/package/squid/squid.hash b/package/squid/squid.hash
index 22c6db8c70..b00d14011e 100644
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@@ -1,6 +1,6 @@ 
-# From http://www.squid-cache.org/Versions/v5/squid-5.6.tar.xz.asc
-md5  2f2201a18a0a727ab589d951ebe4f815  squid-5.6.tar.xz
-sha1  a01f47b3e9ff06245c894773de30bfd88ab14f65  squid-5.6.tar.xz
+# From http://www.squid-cache.org/Versions/v5/squid-5.7.tar.xz.asc
+md5  7a3764a3c5833631a779d7827901cda7  squid-5.7.tar.xz
+sha1  141e8007d6b1cfee34654127a9ca025125b37b58  squid-5.7.tar.xz
 # Locally calculated
-sha256  38d27338a347597ce0e93d0c3be6e5f66b6750417c474ca87ee0d61bb6d148db  squid-5.6.tar.xz
+sha256  6b0753aaba4c9c4efd333e67124caecf7ad6cc2d38581f19d2f0321f5b7ecd81  squid-5.7.tar.xz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index 86a0c714c6..355af0b902 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-SQUID_VERSION = 5.6
+SQUID_VERSION = 5.7
 SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
 SQUID_SITE = http://www.squid-cache.org/Versions/v5
 SQUID_LICENSE = GPL-2.0+