CVE-2021-41611

Name: CVE-2021-41611
Description: SQUID-2021:6 Improper Certificate Validation of TLS server certificates
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| squid (PTS) | buster, buster (security) | 4.6-1+deb10u6 | fixed |
| | bullseye | 4.13-10 | fixed |
| | bookworm, sid | 5.2-1 | fixed |

The information below is based on the following data on fixed versions.

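| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| squid | source | buster | (not affected) | | | |
| squid | source | bullseye | (not affected) | | | |
| squid | source | (unstable) | 5.2-1 | | | |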

Notes

[bullseye] - squid <not-affected> (Vulnerable code introduced later)
[buster] - squid <not-affected> (Vulnerable code introduced later)
https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch
