[Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6
Fabrice Fontaine
fontaine.fabrice at gmail.com
Fri Aug 26 21:22:54 UTC 2022
Fix CVE-2021-46784: In Squid 3.x through 3.5.28, 4.x through 4.17, and
5.x before 5.6, due to improper buffer management, a Denial of Service
can occur when processing long Gopher server responses.
https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
package/squid/squid.hash | 8 ++++----
package/squid/squid.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/squid/squid.hash b/package/squid/squid.hash
index e18ed8961e..22c6db8c70 100644
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@@ -1,6 +1,6 @@
-# From http://www.squid-cache.org/Versions/v5/squid-5.3.tar.xz.asc
-md5 9249f30169ab6600e53b4f9b8129b3b0 squid-5.3.tar.xz
-sha1 d3a8310c725616fa7565d60f3bf8fdf5fa20b15a squid-5.3.tar.xz
+# From http://www.squid-cache.org/Versions/v5/squid-5.6.tar.xz.asc
+md5 2f2201a18a0a727ab589d951ebe4f815 squid-5.6.tar.xz
+sha1 a01f47b3e9ff06245c894773de30bfd88ab14f65 squid-5.6.tar.xz
# Locally calculated
-sha256 45178588df1311ded41ebadd632840c4d93a8d7f5f60e38e74acf2f1ae2f1715 squid-5.3.tar.xz
+sha256 38d27338a347597ce0e93d0c3be6e5f66b6750417c474ca87ee0d61bb6d148db squid-5.6.tar.xz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index 3847fb49dc..86a0c714c6 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SQUID_VERSION = 5.3
+SQUID_VERSION = 5.6
SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
SQUID_SITE = http://www.squid-cache.org/Versions/v5
SQUID_LICENSE = GPL-2.0+
--
2.35.1
More information about the buildroot
mailing list