From unknown Thu Aug 14 12:23:18 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#47142 <47142@debbugs.gnu.org> To: bug#47142 <47142@debbugs.gnu.org> Subject: Status: squid package vulnerable to CVE-2021-28116 Reply-To: bug#47142 <47142@debbugs.gnu.org> Date: Thu, 14 Aug 2025 19:23:18 +0000 retitle 47142 squid package vulnerable to CVE-2021-28116 reassign 47142 guix submitter 47142 Mark H Weaver severity 47142 normal tag 47142 security thanks From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 14 17:36:14 2021 Received: (at submit) by debbugs.gnu.org; 14 Mar 2021 21:36:14 +0000 Received: from localhost ([127.0.0.1]:34331 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLYPG-0002xv-Ht for submit@debbugs.gnu.org; Sun, 14 Mar 2021 17:36:14 -0400 Received: from lists.gnu.org ([209.51.188.17]:54356) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLYPE-0002xn-VE for submit@debbugs.gnu.org; Sun, 14 Mar 2021 17:36:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55596) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYPD-0008OU-Kq for bug-guix@gnu.org; Sun, 14 Mar 2021 17:36:12 -0400 Received: from world.peace.net ([64.112.178.59]:55708) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLYPC-0003FF-6K for bug-guix@gnu.org; Sun, 14 Mar 2021 17:36:11 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lLYPA-00015o-NU; Sun, 14 Mar 2021 17:36:08 -0400 From: Mark H Weaver To: bug-guix@gnu.org Subject: squid package vulnerable to CVE-2021-28116 References: Date: Sun, 14 Mar 2021 17:34:38 -0400 Message-ID: <87czw1s9km.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@netris.org; helo=world.peace.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: =?utf-8?Q?L=C3=A9o?= Le Bouter X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten. Mark -------------------- Start of forwarded message -------------------- Subject: squid package vulnerable to CVE-2021-28116 From: L=C3=A9o Le Bouter To: guix-devel@gnu.org Date: Wed, 10 Mar 2021 01:22:51 +0100 --=-=-= Content-Type: multipart/signed; boundary="==-=-=" --==-=-= Content-Type: text/plain; charset=utf-8 Content-Disposition: inline CVE-2021-28116 09.03.21 23:15 Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. Upstream did not release a patch yet. CVE entry to be monitored for a fix. https://www.zerodayinitiative.com/advisories/ZDI-21-157/ - says it is a low impact issue. --==-=-= Content-Type: application/pgp-signature; name=signature.asc Content-Transfer-Encoding: base64 Content-Description: This is a digitally signed message part LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVGSXZMaTlnTCt4 YXgzZzZSUmFpeDZHdk5FS1lGQW1CSUVWc0FDZ2tRUmFpeDZHdk4KRUthRU5nLy9XSEZmWHpCWGlV QzEwRm9qWnlHWUJwUnNaNjMyNXNqMlZLb2sycThlQTFLa0Vkbk1Xd2FHc2J4Qwo4Tmw3bXBveHBY QjdGcndmamR1QzhBeWsrOW9GS2h3WVhCSTZnN1hkdWFvUWpFK3hVZ3ROSnBVSDBwWU5QVTNkCldt RG1PUkpORnc1VVd1NUFoMElvSnhFdWJYLytNOEhrZHBqc015ZFhpTmZFU2dVT1hoUFJ2VXhmREpm RlFBbGkKdkp2cHkxVGRrUDFVdlBxM01lWVU4WTZwNGJac05DekFkWGg1c0UveWthYjkzaWg0MFR2 aFUvdk9MTVQrZXRrRApsQVhpaW1qOUxUMnloZWFYT05UQ1ZERHpCd25ybGhZY3IxVnZCWWhEVGJN UTFGcDJreHpFSU5YVm9mZ3VFYnRWCjdNRU5jdjBtdEVFQXhJRkVXNGpOb25oZHdMZ2lpbENZSW8z VUdPcGhDdXJYWkE2NjVlZFdnRkxFZC96dEk4VkEKOFF2eXFxVkphZ3V0QkpGUDRSMjg2T0JlQnp1 UXFmTk96RmtaWkNFelhsaERuQmlzbnhmU2U1dDZ0OUtwMElMQwplOSs2S0R1NEp2aGp3dXhISVZO ZGQ0eFhCL2htVUZ6bmtiVENIaWdac1YzOXR1T1Y3SzdISEcraEl5aFh6VUx0CktoQ1dIc2NRL2dm cDdYVUhtY2ZHeHZJWGdFcWtiSnZWK0tobmVyQkhmakwraFNiSFA0RVgzSWFWRDE1TThvakQKVUtV VmEzSnFwSXpuUENiWC9sdDNvVzZWampXNmN1K0V3SGhXbVBiMEVtWVptcG5raGJ6M05IZ2RIWnpU QW52ZgpVTFBxZkllbHBNRVF4cDNUbUFUNDN4OFhZMkRsTDJOeGZPRE8vcFgwNlYvVXhYM1lBUGM9 Cj0xZ1B1Ci0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --==-=-=-- --=-=-= Content-Type: text/plain -------------------- End of forwarded message -------------------- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 15 09:43:18 2021 Received: (at control) by debbugs.gnu.org; 15 Mar 2021 13:43:18 +0000 Received: from localhost ([127.0.0.1]:35092 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLnV8-0007DO-9j for submit@debbugs.gnu.org; Mon, 15 Mar 2021 09:43:18 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51412) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lLnV6-0007D6-EZ for control@debbugs.gnu.org; Mon, 15 Mar 2021 09:43:16 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:40717) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lLnV1-0005Aa-83 for control@debbugs.gnu.org; Mon, 15 Mar 2021 09:43:11 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=45748 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lLnV0-0001z3-Np for control@debbugs.gnu.org; Mon, 15 Mar 2021 09:43:11 -0400 Date: Mon, 15 Mar 2021 14:43:09 +0100 Message-Id: <87o8fkh6s2.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #47142 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) tags 47142 + security quit From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 24 00:06:33 2021 Received: (at control) by debbugs.gnu.org; 24 Mar 2021 04:06:33 +0000 Received: from localhost ([127.0.0.1]:33694 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lOumu-0005lF-Sj for submit@debbugs.gnu.org; Wed, 24 Mar 2021 00:06:33 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:54559) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lOumu-0005l0-0L for control@debbugs.gnu.org; Wed, 24 Mar 2021 00:06:32 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 00DAB5C00A6; Wed, 24 Mar 2021 00:06:27 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Wed, 24 Mar 2021 00:06:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:message-id:mime-version:content-type; s=mesmtp; bh=cUzHWhlGR3wC+bHCNkVYv1pLnZKlAmeM2w5IIOGJO/Q=; b=hYoywwDcb45H +FnMoujfkLjlL2O862lHA5gu19YnLcGkyedy4g2r+8zkuxkV/0wCDl3ZYARsyaoQ gncttRvwfOB0FMOE2wn2BZGKsMDDR2NHFRvDuLmgLVE9W73e+f1eYRNLEHxLS4t2 q5jQWE6lWCJQQtJYSFhL1sFjiC5+NHU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=cUzHWhlGR3wC+bHCNkVYv1pLnZKlAmeM2w5IIOGJO /Q=; b=oBY0abGUV0V94XVxdUGYaDcNx44jbdINXGMiVoENwErL1yEyiGyJbPQDK KgbgNvQpHxuXtUvKddIOXBy+bW7zjdDZ6pCHF1UvgbbVyy7zARHXbgQJjqfnkoCp ZyzdR6eTojVI18aQnLJahMvztuvcnJvvpZ3JTPK5cXLzOGKf87Wa1h8WokpQfozP 1NG4H8Sc6HYjzRVTP+1Q0xA/mhIJKoETs8nKC9USahQ11JAQbaqB1Cpn6Y8s9xG7 U/fZIKBTlgGmSup44lnPYSzJwJd7bhKfPY19kMaWM7TtSioka1WU9C9wWYCuy6Z+ nmVqk+OOVCF+IbVpUS0FVk6RCNd4Q== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudegjedgieejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfgmhhpthihuchsuhgsjhgvtghtucdluddtmdenuc fjughrpeffhffvkfggtggusehttdertddttddvnecuhfhrohhmpefnvghoucfhrghmuhhl rghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpe fhjeeigfefvedvfeetheegledtkeevuddtgedtudeiteehteegvdefffduffefffenucfk phepuddttddruddurdduieelrdduudeknecuvehluhhsthgvrhfuihiivgeptdenucfrrg hrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA id C6F7224041D for ; Wed, 24 Mar 2021 00:06:26 -0400 (EDT) Date: Wed, 24 Mar 2021 00:06:25 -0400 From: Leo Famulari To: control@debbugs.gnu.org Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Score: 2.3 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: block 47297 with 47140 block 47297 with 47141 block 47297 with 47142 block 47297 with 47143 block 47297 with 47144 Content analysis details: (2.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [66.111.4.25 listed in wl.mailspike.net] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [66.111.4.25 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject 1.0 BODY_EMPTY No body text in message X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: block 47297 with 47140 block 47297 with 47141 block 47297 with 47142 block 47297 with 47143 block 47297 with 47144 Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [66.111.4.25 listed in wl.mailspike.net] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [66.111.4.25 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject 1.0 BODY_EMPTY No body text in message block 47297 with 47140 block 47297 with 47141 block 47297 with 47142 block 47297 with 47143 block 47297 with 47144 From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 05 16:43:00 2021 Received: (at 47142) by debbugs.gnu.org; 5 Apr 2021 20:43:00 +0000 Received: from localhost ([127.0.0.1]:38722 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lTW3o-0004l8-5u for submit@debbugs.gnu.org; Mon, 05 Apr 2021 16:43:00 -0400 Received: from mail.zaclys.net ([178.33.93.72]:43589) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lTW3k-0004ks-Mx for 47142@debbugs.gnu.org; Mon, 05 Apr 2021 16:42:57 -0400 Received: from [192.168.1.115] (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 135Kgo6G055791 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <47142@debbugs.gnu.org>; Mon, 5 Apr 2021 22:42:50 +0200 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 135Kgo6G055791 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1617655370; bh=3Q1iNFI19wr/HaovmgYaoEfpb0mzM+GgDd1nTAmSLxg=; h=Subject:From:To:Date:From; b=gnRysIclVYhNwte9mSCGPOqO+F/U048YN6q4qCOVNIFfnjZzLxvTl14gylLPxmgmB 50Nsni3N/pSxqVrskZZHPju5F4MO9O1hnxVpm9QYLeqyNyiNbfCZXqZEIuiyZVjT0z aMJ1gMARvCZ9CogAWVLhIy04bmJ8JR76VCllw7T8= Message-ID: <4cde9f87826dd847af036646f5332f893b903fe2.camel@zaclys.net> Subject: squid package vulnerable to CVE-2021-28116 From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: 47142@debbugs.gnu.org Date: Mon, 05 Apr 2021 22:42:40 +0200 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-5rEF1EtJ/lrUdeXag8Xz" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47142 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-5rEF1EtJ/lrUdeXag8Xz Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Still no fix available from upstream (unclear) --=-5rEF1EtJ/lrUdeXag8Xz Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBrdkAACgkQRaix6GvN EKbCVQ/+M5JRYKZ4srtBgEGUZOdkPjGx8ng4ZOkZLDKmNp7Gm7OyJCdLbP9WPcc1 NwcNXdXICMJjrALbOjOGyGkn7szIe7UVDMGQ701T36oeDPeA2feOjwy3QlRZcv4Q ScN1qsfb7Or2UmnfaJoSmDXuzXu/3u8xQIjJI0QDIctXdGJD2XrIpgLsRjX1pR43 VFfFAdomxInNRN2M0EA0JDvvoMMMqQUzPUcJ+9KVIDTkHQXUZRhzGP5f3vn3Jis4 Gv69k7Fn5rntUc7Pz9FaM6tc+sHbynG95103uVI2JCV0NA47ZhtLpNnvEDrMwB3H 6cUPLs1++DxOhbhYn+Ck98cFCmPp4gz7g20V/Vw08GnswiIikmkIUW0Zoy/C/ycI gR1PDW4rW5Zkq1ponvjqGManqLWTCyaHKsywXqSgadwYqccyJXLjmqEa4UPnh+pT JJCuhBSt1XymDVzdipGKNwenpYJGrOtsAnvwET3VqGTu9Ig6+aJdHfBp6PFod7FA FgEOSMZEfUSVpRyjFAt/FVVGku4F/LlyCk9Qb0eSvGGKCiJkrkZfXftvN46iVDQz fhOqgDZRfd+UeZGgBtS7OLbtXh9+EPNlwMwrQJv9OKx2FbRdDpfEG1qZzefjtXjy H2fUYUhL8L4KtKVRxFk5eaRY/LVuantT3fa/iHMbb2NUp54xZiQ= =7PtE -----END PGP SIGNATURE----- --=-5rEF1EtJ/lrUdeXag8Xz-- From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 10 14:47:16 2021 Received: (at control) by debbugs.gnu.org; 10 Apr 2021 18:47:16 +0000 Received: from localhost ([127.0.0.1]:53281 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lVIdX-0001nk-UA for submit@debbugs.gnu.org; Sat, 10 Apr 2021 14:47:16 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:42905) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lVIdW-0001nW-8N for control@debbugs.gnu.org; Sat, 10 Apr 2021 14:47:14 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 19B535C00E5; Sat, 10 Apr 2021 14:47:09 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Sat, 10 Apr 2021 14:47:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:message-id:mime-version:content-type; s=mesmtp; bh=Ezbxtl3CdZ0LT1mGpC5rPMXfGyBxroXatIswo2xRVTA=; b=0w7Fxd7UiL5H M7vP4nColUHzfNuBDYGowUBFAo9f5o3LAcyFj6/CrfHVerYUchquZ/8+c518NmKm RysH8jRyB4N6CePgW/RWfomAcc78FYd7SIqMEZSmStPBrmC5RgvnQC8ue4mtCPrs XD6gw4BjCazp956xrvokv5Jwy5hwXF4= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=Ezbxtl3CdZ0LT1mGpC5rPMXfGyBxroXatIswo2xRV TA=; b=LdHJsJSQYd75iDUP/L/htSkRdllOjASWClU2KoWu2KZTo3h1f18uTifUK 8Z0uV3rK3nj1bKkqAmZDKQXYabH51vumy/iXPpDcHN+oU9Wxon1CCZN7HWXowatX hat9XU4qBw9wQyqaF7dn1V8eVV3b7I38uZ9DROihgsdWMngUp2WbDXsenS3E+IQ9 yl1k0Uy51vS6Rud3Hsj9yshysNU6uPxC/yyWdT0SldBV6eeuFIvtwx7CIheocAeW pZf9xZHcLze3AHeaqkSPQHb+6Dd/R9Us3jME34hrlI3z/F8s7wrrKjXLSG6muzPm PM7mgN+WxedDLHmj7GRot1e/T3i4A== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudekfedgudefudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd engfhmphhthicushhusghjvggtthculddutddmnecujfgurhepfffhvffkgggtugesthdt redttddtvdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulh grrhhirdhnrghmvgeqnecuggftrfgrthhtvghrnhephfejiefgfeevvdefteehgeeltdek vedutdegtdduieetheetgedvfeffudfffeffnecukfhppedutddtrdduuddrudeiledrud dukeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehl vghosehfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA id 2560924005C for ; Sat, 10 Apr 2021 14:47:08 -0400 (EDT) Date: Sat, 10 Apr 2021 14:47:06 -0400 From: Leo Famulari To: GNU bug tracker automated control server Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: unblock 47297 with 47142 Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [66.111.4.27 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) [66.111.4.27 listed in wl.mailspike.net] 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.3 (/) unblock 47297 with 47142 From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 22 23:06:09 2022 Received: (at 47142-done) by debbugs.gnu.org; 23 Mar 2022 03:06:09 +0000 Received: from localhost ([127.0.0.1]:42334 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nWrK2-0001W6-9l for submit@debbugs.gnu.org; Tue, 22 Mar 2022 23:06:09 -0400 Received: from mail-qt1-f178.google.com ([209.85.160.178]:38669) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nWrJx-0001Va-Cc for 47142-done@debbugs.gnu.org; Tue, 22 Mar 2022 23:06:04 -0400 Received: by mail-qt1-f178.google.com with SMTP id v2so216678qtc.5 for <47142-done@debbugs.gnu.org>; Tue, 22 Mar 2022 20:06:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=EhOCHhBi11HxYXqIAIspD61aI/90HgcVynBfWH0DxoU=; b=ZVS5CBgptco+2lwx5qAde/FKgRH25Qf243fSVoeSX4Tm5sOecBwE2ZVlcrgN3I4qbr QdAP2JuobBlhv8+wXQwA21NMbDAJNcKXr6w2koLlGeAbr9kQoOBIc6kYuEMBStNsJ3ZA BMBurZPBfAjRL9IKbobhAT11rUVhMqIr0LQvb4Gqv2E4yZTp0ufZOOV6qL0ldXUER9LI +p6VnwBkU0dhepthQnqOuobyRC01X7glY23ZKkGiyaU0O8KEudsugWyAvZURnTe1T+EA Fs9cLUzPlLfE7sKkyifUqegSJKOTlnfB5XTwpObHG6ONrcx+YDKdyBlEXrJy571kC+SN 418g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=EhOCHhBi11HxYXqIAIspD61aI/90HgcVynBfWH0DxoU=; b=pQAlGUMhO9U25C/5pleT5DP73BTBpljG22hgKNlTrhylgv3QKaFmkkWIl1RhRrLQA5 4fxCge8PR+aCFo+RA1xT67cSCGolK7ysrhTK+G5M7mXVhoHCDrVwHRh8xNvrhFtxfa+x GEqcgnbj6Da17eiG2+RZ70xbPOYV1pWZmLRwEM84wLU0wkz/a2fjM5fxIBX3FxuKgHuD MlrwHJnkHUlAcCoI/Z+OOWWxiKNf5c/Nj/F2EPIMeKl4CsmMLbiX/ZcoilzAP+r5ea1k 7CCJ19OWptQxauiNgmddWklWpB58jWIF9adQrP9JMj1P40X14KYg0dqNXDP9PiD5uRo6 Lfdg== X-Gm-Message-State: AOAM533CM1nPfWdmAnsXAO3y8nKum11841+29OYIHQV5Ke2CIiwAQHLz nV2qo7GCMxhb+sskBoNshKLjrYAG0q0= X-Google-Smtp-Source: ABdhPJxywAYud9a9gY3Io6rHV1cdkP0eqN/kvJjQlljdAiwEClyqWZzX2p4CefahiU8NGyZp1+0LPA== X-Received: by 2002:a05:622a:1184:b0:2e1:ec97:11bc with SMTP id m4-20020a05622a118400b002e1ec9711bcmr21833313qtk.221.1648004755994; Tue, 22 Mar 2022 20:05:55 -0700 (PDT) Received: from hurd (dsl-10-129-199.b2b2c.ca. [72.10.129.199]) by smtp.gmail.com with ESMTPSA id m3-20020a05622a118300b002e1beed4908sm15577502qtk.3.2022.03.22.20.05.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Mar 2022 20:05:55 -0700 (PDT) From: Maxim Cournoyer To: Mark H Weaver Subject: Re: bug#47142: squid package vulnerable to CVE-2021-28116 References: <87czw1s9km.fsf@netris.org> Date: Tue, 22 Mar 2022 23:05:54 -0400 In-Reply-To: <87czw1s9km.fsf@netris.org> (Mark H. Weaver's message of "Sun, 14 Mar 2021 17:34:38 -0400") Message-ID: <87ils5z7u5.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 47142-done Cc: =?utf-8?Q?L=C3=A9o?= Le Bouter , 47142-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, Mark H Weaver writes: > I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten. > > Mark > > -------------------- Start of forwarded message -------------------- > Subject: squid package vulnerable to CVE-2021-28116 > From: L=C3=A9o Le Bouter > To: guix-devel@gnu.org > Date: Wed, 10 Mar 2021 01:22:51 +0100 > > CVE-2021-28116 09.03.21 23:15 > Squid through 4.14 and 5.x through 5.0.5, in some configurations, We're now using squid 4.17. Closing. Thanks, Maxim From unknown Thu Aug 14 12:23:18 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 20 Apr 2022 11:24:10 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator