Launchpad CVE tracker

CVE 2022-41317

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

Related bugs and status

CVE-2022-41317 (Candidate) is related to these bugs:

Bug #1975399: FATAL FwdState::noteDestinationsEnd exception: opening()

Summary				In	Importance	Status
	1975399	FATAL FwdState::noteDestinationsEnd exception: opening()		squid (Ubuntu)	Low	Fix Released
	1975399	FATAL FwdState::noteDestinationsEnd exception: opening()		squid (Ubuntu Jammy)	Low	Fix Released

Bug #1993446: Merge squid from Debian unstable for l-series

Summary				In	Importance	Status
	1993446	Merge squid from Debian unstable for l-series		squid (Ubuntu)	Undecided	Fix Released

Bug #2004050: squid builds do not halt upon dh_auto_test failures

		In	Importance	Status
2004050	squid builds do not halt upon dh_auto_test failures	squid (Ubuntu)	Undecided	Fix Released
2004050	squid builds do not halt upon dh_auto_test failures	squid (Ubuntu Jammy)	Undecided	Fix Released
2004050	squid builds do not halt upon dh_auto_test failures	squid (Ubuntu Lunar)	Undecided	Fix Released
2004050	squid builds do not halt upon dh_auto_test failures	squid (Ubuntu Kinetic)	Undecided	Won't Fix

Bug #2013423: Upstream microrelease 5.7

		In	Importance	Status
2013423	Upstream microrelease 5.7	squid (Ubuntu)	Undecided	Fix Released
2013423	Upstream microrelease 5.7	squid (Ubuntu Jammy)	Undecided	Fix Released
2013423	Upstream microrelease 5.7	squid (Ubuntu Kinetic)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-41317

References