mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-01-04 16:10:10 +00:00
508a2e6b94
According to [1] the ESI implementation in squid feature is vulnerable
without any fix available.
NVD says it's fixed in 6.10, however the change in this release only
disables ESI by default (which we always did via PACKAGECONFIG).
This means CVE report would say Patched even if the vulnerability is
still present if someone adapts squid PACKAGECONFIG.
Commit in master branch related to this CVE is [2].
Title is "Remove Edge Side Include (ESI) protocol" and it's also what it
does. So there will never be a fix for these ESI vulnerabilities.
Based on this, remove vulnerable ESI PACKAGECONFIG already now.
[1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
[2]
|
||
|---|---|---|
| .. | ||
| atftp | ||
| autofs | ||
| igmpproxy | ||
| ippool | ||
| iscsi-initiator-utils | ||
| keepalived | ||
| lldpd | ||
| ncftp | ||
| networkd-dispatcher | ||
| openhpi | ||
| opensaf | ||
| postfix | ||
| proftpd | ||
| ptpd | ||
| pure-ftpd | ||
| radvd | ||
| squid | ||
| tftp-hpa | ||
| vblade | ||
| vsftpd | ||