CVE-2019-13345/squid3: jessie triage

author: Sylvain Beucler <beuc@beuc.net> 2019-07-07 12:02:58 +0200
committer: Sylvain Beucler <beuc@beuc.net> 2019-07-07 12:02:58 +0200
commit: 2210f008933a253c4bb719fe1b9c8b89e89ecd93 (patch)
tree: ffaa1fb512ecab1b5a0aeac0ec399ada174a3b10
parent: 2b4454c21b87181cf09cd26ccc4df3f880c4e9d1 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index a87b658485..5be5d59730 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -118,6 +118,10 @@ sqlite3
   NOTE: 20190617: A preliminary package with *just* the (presumably) CVE-2019-5827 patches backported:
   NOTE: 20190617: https://people.debian.org/~mejo/debian/jessie-security/sqlite3_3.8.7.1-1+deb8u5.dsc
 --
+squid3
+  NOTE: 20190707: 2 XSS: first one unaffected AFAICS, second one reflected
+  NOTE: 20190707: cachemgr.cgi allows sensitive operations if authenticated (beuc)
+--
 squirrelmail
   NOTE: 20190702: no patch available, upstream apparently inactive,
   NOTE: 20190702: reporter just recommends disabling HTML viewing of messages
author	Sylvain Beucler <beuc@beuc.net>	2019-07-07 12:02:58 +0200
committer	Sylvain Beucler <beuc@beuc.net>	2019-07-07 12:02:58 +0200
commit	2210f008933a253c4bb719fe1b9c8b89e89ecd93 (patch)
tree	ffaa1fb512ecab1b5a0aeac0ec399ada174a3b10
parent	2b4454c21b87181cf09cd26ccc4df3f880c4e9d1 (diff)