git.ipfire.org Git - ipfire-2.x.git/commit

squid: Update to 4.13

For details see:
http://www.squid-cache.org/Versions/v4/changesets/

and

http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html

Fixes (excerpt):

"* SQUID-2020:8 HTTP(S) Request Splitting
   (CVE-2020-15811)

This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the browser
cache and any downstream caches with content from an arbitrary
source.

* SQUID-2020:9 Denial of Service processing Cache Digest Response
   (CVE pending allocation)

This problem allows a trusted peer to deliver to perform Denial
of Service by consuming all available CPU cycles on the machine
running Squid when handling a crafted Cache Digest response
message.

* SQUID-2020:10 HTTP(S) Request Smuggling
   (CVE-2020-15810)

This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the proxy
cache and any downstream caches with content from an arbitrary
source.

* Bug 5051: Some collapsed revalidation responses never expire

* SSL-Bump: Support parsing GREASEd (and future) TLS handshakes

* Honor on_unsupported_protocol for intercepted https_port"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

author	Matthias Fischer <matthias.fischer@ipfire.org>
	Sun, 23 Aug 2020 12:42:58 +0000 (14:42 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Mon, 24 Aug 2020 09:47:40 +0000 (09:47 +0000)
commit	9fa6a8d81dd4f3011d4bc325b965bd213fa21ebf
tree	70c2307b38961019796a521fc593ea9c9b0e26d4	tree \| snapshot
parent	0e457b13eaf61b2830919e3745df3956e2042640	commit \| diff