Yes, the reporter provides additional background on the official CVE reporting into https://www.openwall.com/lists/oss-security/2023/10/11/3
> Although some of the issues have been fixed, the majority (35) remain
> valid. The majority have not been assigned CVEs, and no patches or
> workarounds are available.
>
> After two and a half years of waiting, I have decided to release the issues
> publicly. The Squid Project is aware of this release.
> I am including tasks for the squid deb package as well since it seems to be affected.
Would you have pointer to the task tracking the squid deb package updates ?
> I suppose there is no need for this to be private since the vulnerabilities have been disclosed upstream, but I will leave this to someone in the security team to assess.
Thanks Athos for your prompt answer !
> I suppose that the CVEs for the mentioned vulnerabilities were not release yet, is this right? /cve.mitre. org/cgi- bin/cvekey. cgi?keyword= squid
>
> I could find no October 2023 entries in https:/
Yes, the reporter provides additional background on the official CVE reporting into /www.openwall. com/lists/ oss-security/ 2023/10/ 11/3
https:/
> Although some of the issues have been fixed, the majority (35) remain
> valid. The majority have not been assigned CVEs, and no patches or
> workarounds are available.
>
> After two and a half years of waiting, I have decided to release the issues
> publicly. The Squid Project is aware of this release.
> I am including tasks for the squid deb package as well since it seems to be affected.
Would you have pointer to the task tracking the squid deb package updates ?
> I suppose there is no need for this to be private since the vulnerabilities have been disclosed upstream, but I will leave this to someone in the security team to assess.
+1 for making it public, sorry if I misqualified