Debian Patches
Status for squid/6.13-2+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Default-configuration-file-for-debian.patch | Default configuration file for debian | Amos Jeffries <amosjeffries@squid-cache.org> | not-needed | 2023-06-19 | ||
| 0002-Change-default-file-locations-for-debian.patch | Change default file locations for debian | Luigi Gangitano <luigi@debian.org> | not-needed | 2023-06-19 | ||
| 0005-Use-RuntimeDirectory-to-create-run-squid.patch | Use RuntimeDirectory to create /run/squid Instead of installing the /run/squid directory, which goes against Debian Policy, we instruct systemd to automatically create it for us when the service is started. |
Sergio Durigan Junior <sergiodj@debian.org> | no | 2020-05-11 | ||
| 0006-upstream-807ae4df2164defbb5f59b99282e24010b4a0b85.patch | Check mishandles cases where the listening port hostname does not match the request-target hostname.=================================================================== | Amos Jeffries <amosjeffries@squid-cache.org> | not-needed | 2023-07-08 | ||
| CVE-2025-62168.patch | Bug 3390: Proxy auth data visible to scripts (#2249) Original changes to redact credentials from error page %R code expansion output was incomplete. It missed the parse failure case where ErrorState::request_hdrs raw buffer contained sensitive information. Also missed was the %W case where full request message headers were generated in a mailto link. This case is especially problematic as it may be delivered over insecure SMTP even if the error was secured with HTTPS. After this change: * The HttpRequest message packing code for error pages is de-duplicated and elides authentication headers for both %R and %W code outputs. * The %R code output includes the CRLF request message terminator. * The email_err_data directive causing advanced details to be added to %W mailto links is disabled by default. Also redact credentials from generated TRACE responses. |
Amos Jeffries <yadij@users.noreply.github.com> | no | 2025-10-11 | ||
| CVE-2025-59362.patch | Fix ASN.1 encoding of long SNMP OIDs (#2149) | Alex Rousskov <rousskov@measurement-factory.com> | yes | upstream | https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9 | 2025-08-30 |
| CVE-2026-33515.patch | ICP: Fix validation of packet sizes and URLs (#2220) | Joshua Rogers <MegaManSec@users.noreply.github.com> | no | 2026-02-12 | ||
| CVE-2026-33526.patch | Do not escape malformed URI twice when sending ICP errors (#2374) | Joshua Rogers <megamansec@gmail.com> | no | 2026-02-10 | ||
| CVE-2026-47729.patch | Improve parsing of certain FTP directory listing formats (#2408) (#2409) | squidadm <squidadm@users.noreply.github.com> | no | 2026-05-17 | ||
| CVE-2026-50012.patch | Fix -Wsign-compare on arm32 (#2432) | Francesco Chemolli <5175948+kinkie@users.noreply.github.com> | no | 2026-06-02 |
All known versions for source package 'squid'
- 7.6-2 (sid)
- 7.6-1 (forky)
- 6.13-2+deb13u2 (trixie-security, trixie-proposed-updates)
- 6.13-2+deb13u1 (trixie)
- 5.7-2+deb12u5 (bookworm)
- 5.7-2+deb12u4 (bookworm-security)