Information on source package squid3

Available versions

ReleaseVersion
wheezy3.1.20-2.2+deb7u4
wheezy (security)3.1.20-2.2+deb7u8
jessie3.4.8-6+deb8u4
jessie (security)3.4.8-6+deb8u5
stretch (security)3.5.23-5+deb9u1
buster3.5.27-1
sid3.5.27-1

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2016-3948vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedSquid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ...
CVE-2016-3947vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedHeap-based buffer overflow in the Icmp6::Recv function in ...
CVE-2016-2570vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedThe Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...
CVE-2016-2569vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedSquid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...
CVE-2014-9749vulnerable (no DSA)fixedfixedfixedfixedSquid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest ...
CVE-2014-7142vulnerable (no DSA)fixedfixedfixedfixedThe pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...
CVE-2014-7141vulnerable (no DSA)fixedfixedfixedfixedThe pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...
CVE-2014-6270vulnerable (no DSA)fixedfixedfixedfixedOff-by-one error in the snmpHandleUdp function in snmp_core.cc in ...

Open unimportant issues

BugwheezyjessiestretchbustersidDescription
CVE-2018-1172vulnerablevulnerablevulnerablevulnerablevulnerableThis vulnerability allows remote attackers to deny service on ...
CVE-2016-2390vulnerablevulnerablefixedfixedfixedThe FwdState::connectedToPeer method in FwdState.cc in Squid before ...
CVE-2015-3455vulnerablevulnerablefixedfixedfixedSquid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, ...
CVE-2014-0128vulnerablefixedfixedfixedfixedSquid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is ...
CVE-2009-0801vulnerablefixedfixedfixedfixedSquid, when transparent interception mode is enabled, uses the HTTP ...

Resolved issues

BugDescription
TEMP-0000000-589A35"slowloris" denial-of-service vulnerabilty in webservers
CVE-2018-1000027The Squid Software Foundation Squid HTTP Caching Proxy version prior ...
CVE-2018-1000024The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to ...
CVE-2016-5408Stack-based buffer overflow in the munge_other_line function in ...
CVE-2016-4556Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...
CVE-2016-4555client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before ...
CVE-2016-4554mime_header.cc in Squid before 3.5.18 allows remote attackers to ...
CVE-2016-4553client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not ...
CVE-2016-4054Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...
CVE-2016-4053Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...
CVE-2016-4052Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and ...
CVE-2016-4051Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...
CVE-2016-2572http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after ...
CVE-2016-2571http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with ...
CVE-2016-10003Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 ...
CVE-2016-10002Incorrect processing of responses to If-None-Modified HTTP conditional ...
CVE-2015-5400Squid before 3.5.6 does not properly handle CONNECT method peer ...
CVE-2015-0881CRLF injection vulnerability in Squid before 3.1.1 allows remote ...
CVE-2014-3609HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 ...
CVE-2013-4123client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before ...
CVE-2013-4115Buffer overflow in the idnsALookup function in dns_internal.cc in ...
CVE-2013-1839The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x ...
CVE-2013-0189cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and ...
CVE-2012-5643Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid ...
CVE-2011-4096The idnsGrokReply function in Squid before 3.1.16 does not properly ...
CVE-2011-3205Buffer overflow in the gopherToHTML function in gopher.cc in the ...
CVE-2010-3072The string-comparison functions in String.cci in Squid 3.x before ...
CVE-2010-2951dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not ...
CVE-2010-0639The htcpHandleTstRequest function in htcp.c in Squid 2.x before ...
CVE-2010-0308lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...
CVE-2009-2855The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 ...
CVE-2009-2622Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote ...
CVE-2009-2621Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not ...
CVE-2009-0478Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 ...

Security announcements

DSA / DLADescription
DSA-4122-1squid3 - security update
DSA-4122-1squid3 - security update
DLA-1266-1squid3 - security update
DLA-763-1squid3 - security update
DSA-3745-1squid3 - security update
DSA-3625-1squid3 - security update
DLA-556-1squid3 - security update
DLA-478-1squid3 - security update
DSA-3522-1squid3 - security update
DSA-3522-1squid3 - security update
DLA-445-2squid3 - regression update
DLA-445-1squid3 - security update
DSA-3327-1squid3 - security update
DSA-3327-1squid3 - security update
DLA-286-1squid3 - security update
DLA-45-1squid3 - security update
DSA-3014-1squid3 - security update
DSA-2631-1squid3 - denial of service
DSA-2381-1squid3 - invalid memory deallocation
DSA-2304-1squid3 - buffer overflow
DSA-2304-1squid3 - buffer overflow
DSA-2111-1squid3 - denial of service
DSA-1991-1squid squid3 - denial of service
DSA-1991-1squid squid3 - denial of service
DSA-1843-2squid3 - regression fix
DSA-1843-1squid3 - denial of service
DSA-1732-1squid3 - denial of service

Search for package or bug name: Reporting problems