Comment 1 for bug 2041837

Athos Ribeiro (athos-ribeiro) wrote :

Hi gberche,

Thanks for reporting this bug.

Our images are based on the squid versions available in the Ubuntu archive. Once the fixes are available for the deb packages (which are potentially backported to the supported series depending on CVE severity and other factors determined by the security team) the images are re-built and re-tagged to include such fixes.

> Squid 5.2.x is vulnerable to CVEs with CVSS scores of 9.6 to 9.9

I suppose that the CVEs for the mentioned vulnerabilities were not released yet, is this right?

I could find no October 2023 entries in https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=squid

I am including tasks for the squid deb package as well since it seems to be affected.

I suppose there is no need for this to be private since the vulnerabilities have been disclosed upstream, but I will leave this to someone in the security team to assess.