enterprise-support team mailing list archive

[Launchpad Bug Tracker <2073322@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package squid - 6.10-0ubuntu0.24.04.1

---------------
squid (6.10-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 6.10 (LP: #2073322):
    - Fix issue where successful tunnels were being logged as TCP_TUNNEL/500.
    - Fix a logic error when starting squid with the -a option, which could
      lead to a crash.
    - Fix marking of problematic cached IP addresses.
    - For a comprehensive list of changes, please see
      https://www.squid-cache.org/Versions/v6/squid-6.10-RELEASENOTES.html.
  * d/u/signing-key.asc: update keyring file. (Closes: #1084734)
  * Dropped changes:
    - SECURITY UPDATE: DoS via chunked decoder uncontrolled recursion bug
      + debian/patches/CVE-2024-25111.patch: fix infinite recursion in
        src/http.cc, src/http.h.
      + CVE-2024-25111
      [ Fixed in 6.8 ]
    - SECURITY UPDATE: DoS in ESI processing using multi-byte characters
      + debian/patches/CVE-2024-37894.patch: fix variable datatype to handle
        variables names outside standard ASCII characters
      + CVE-2024-37894
      [ Fixed in 6.10 ]

 -- Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>  Mon, 09 Sep 2024
10:32:37 -0300

** Changed in: squid (Ubuntu Noble)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-25111

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2073322

Title:
  Upstream microrelease 6.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/2073322/+subscriptions