A CVE has been assigned for a security issue which will be fixed soon in Squid: http://openwall.com/lists/oss-security/2015/04/30/4 New 3.3.x and 3.4.x releases will be issued. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO, MGA4TOO
Updates checked into Mageia 4 and Cauldron SVN. Freeze push requested.
Upstream advisory with full details: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
Updated packages uploaded for Mageia 4 and Cauldron. Advisory: ======================== Updated squid packages fix security vulnerability: Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields (CVE-2015-3455). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3455 http://www.squid-cache.org/Advisories/SQUID-2015_1.txt ======================== Updated packages in core/updates_testing: ======================== squid-3.3.14-1.mga4 squid-cachemgr-3.3.14-1.mga4 from squid-3.3.14-1.mga4.src.rpm
Version: Cauldron => 4Assignee: bugsquad => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => (none)
Procedure: https://bugs.mageia.org/show_bug.cgi?id=14004#c3
Whiteboard: (none) => has_procedure
Testing MGA4.1 32 and 64 bit, Vbox hardware
CC: (none) => vzawalin1
Working fine on Mageia 4 i586.
Whiteboard: has_procedure => has_procedure MGA4-32-OK
Tested 3.3.14-1.mga4.x86_64 on MGA4.1 64 bit VBOX-guest. ACL works Cache works
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
Well done Vlad! Validating. Advisory uploaded. Please push to 4 updates Thanks!
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0191.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/643131/