From owner-freebsd-ports@freebsd.org  Mon Aug 31 15:19:56 2020
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id E89213C426B
 for <freebsd-ports@mailman.nyi.freebsd.org>;
 Mon, 31 Aug 2020 15:19:56 +0000 (UTC) (envelope-from freebsd@grem.de)
Received: from mail.evolve.de (mail.evolve.de [213.239.217.29])
 (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
 (Client CN "mail.evolve.de", Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4BgDQh0Ryvz4dYh;
 Mon, 31 Aug 2020 15:19:55 +0000 (UTC) (envelope-from freebsd@grem.de)
Received: by mail.evolve.de (OpenSMTPD) with ESMTP id c1c24b92;
 Mon, 31 Aug 2020 15:13:14 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=grem.de; h=content-type
 :content-transfer-encoding:mime-version:subject:from:in-reply-to
 :date:cc:message-id:references:to; s=20180501; bh=2ewHZM4F8uqI0E
 rZOdb2QeDmgDM=; b=c1TQrkAZUY02Z4e8A7frlQ9EUfeCToKBCzEDs55ot/Pyv+
 Bch1Wt/U2gOwItva+Pgq/ayNOOPsRj8nBpsRfrQ/8xSYCTB/2tDnX9f+5bQXuv4+
 CKZe5xme0yHXevaM7W8ca0+eq0PwlLJAPryRXHYSL/GUzUA5zw92qnsTFIDrW3wU
 sPZHVo6bk464LAZ8SK3Jr+PE1M7TIZrjsryRaGomkqH3i8p/mcGI9IN/kltg4Ew5
 kAy6ssnDJAWlVcmfXXpE8Wqn8gt2F1wIq2xFBNQAezW75gm9Ci/0YxwkqjTGUpSs
 GO3wTAK1V6utRNpfegbyr0Bc5PL0t4xedw9niIXA==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=grem.de; h=content-type
 :content-transfer-encoding:mime-version:subject:from:in-reply-to
 :date:cc:message-id:references:to; q=dns; s=20180501; b=hEqigp3A
 HTcXrDbvtJ8458uU6cTAtdKonU7WfsmZmhbNdZL+FiDiVZ6h9z1yOFrxIiTGfZgW
 XLub7s37MqnKKQhoFRRQ6MEaiRCjNs0vcZM8pgmJ0laZka2fulUFACL3OpoVvSm2
 YXg43Klz8SLWuQWRMYl0gdN4dmX7ualaM9x9ZcyDvD54yOUfPaA8H7oOuh9UHzZI
 dc3S++zYLY5YpnuXdL9n1ornWyMqh7P+cAPc3BS+eZLCcBsTSU7Mte/qsgBbxLof
 XozvRewS6FGESpMmnPwi1HXZgYCxDefXEnyqlVecOfXjPPncJrIHFN4+A0TXHPmb
 dZ/u3q1WOxX7LA==
Received: by mail.evolve.de (OpenSMTPD) with ESMTPSA id eabb56ee
 (TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256:NO); 
 Mon, 31 Aug 2020 15:13:13 +0000 (UTC)
Mime-Version: 1.0 (1.0)
Subject: Re: Squid 4.13 (security update)
From: Michael Gmelin <freebsd@grem.de>
In-Reply-To: <20200831143046.GW3539@home.opsec.eu>
Date: Mon, 31 Aug 2020 17:13:13 +0200
Cc: Andrea Venturoli <ml@netfence.it>, timp87@gmail.com,
 FreeBSD-ports@freebsd.org
Message-Id: <47053238-64B8-4404-B2C1-E758A23665EC@grem.de>
References: <20200831143046.GW3539@home.opsec.eu>
To: Kurt Jaeger <pi@freebsd.org>
X-Mailer: iPhone Mail (17G80)
X-Rspamd-Queue-Id: 4BgDQh0Ryvz4dYh
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=grem.de header.s=20180501 header.b=c1TQrkAZ;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of freebsd@grem.de designates 213.239.217.29
 as permitted sender) smtp.mailfrom=freebsd@grem.de
X-Spamd-Result: default: False [-2.80 / 15.00]; RCVD_TLS_ALL(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 R_DKIM_ALLOW(-0.20)[grem.de:s=20180501];
 MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[4]; MV_CASE(0.50)[];
 R_SPF_ALLOW(-0.20)[+ip4:213.239.217.29/32];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 DMARC_NA(0.00)[grem.de]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[];
 NEURAL_HAM_LONG(-1.01)[-1.013]; RCVD_COUNT_THREE(0.00)[3];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[grem.de:+];
 NEURAL_HAM_SHORT(-0.76)[-0.760];
 NEURAL_HAM_MEDIUM(-1.03)[-1.028]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 ASN(0.00)[asn:24940, ipnet:213.239.192.0/18, country:DE];
 FREEMAIL_CC(0.00)[netfence.it,gmail.com,freebsd.org];
 MAILMAN_DEST(0.00)[FreeBSD-ports]
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.33
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2020 15:19:57 -0000



> On 31. Aug 2020, at 16:31, Kurt Jaeger <pi@freebsd.org> wrote:
>=20
> =EF=BB=BFHi!
>=20
>> I see Squid 4.13 was released 8 days ago: it's "strongly suggested"
>> everyone updates, as it fixes "serious" security issues.
>>=20
>> I don't see it coming in the port tree and neither in the pkg audit
>> vulnerability database.
>=20
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D248856
>=20
> has a patch from the maintainer. @work
>=20

CVEs should be:
CVE-2020-15810 and
CVE-2020-15811

https://access.redhat.com/security/cve/cve-2020-15810

https://access.redhat.com/security/cve/cve-2020-15811



> --=20
> pi@opsec.eu            +49 171 3101372                    Now what ?
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"