squid: conditionally set status of CVE-2024-45802 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Peter Marko <peter.marko@siemens.com>	2024-11-08 22:08:13 +0100
committer	Armin Kuster <akuster808@gmail.com>	2024-11-09 14:44:28 -0500
commit	98e1f972bd7bab87efbf7a4fec69d8b3324f9de3 (patch)
tree	9ffcb9208c907b49dfb7cb11965f0e8a1ac68e43 /meta-python/recipes-devtools/python/python3-h5py
parent	ea99328a0685b577adf4175e4d674c560ce9a490 (diff)
download	meta-openembedded-98e1f972bd7bab87efbf7a4fec69d8b3324f9de3.tar.gz

squid: conditionally set status of CVE-2024-45802

According to [1] the ESI feature implementation in squid is vulnerable without any fix available. NVD says it's fixed in 6.10, however the change in this release only disables ESI by default (which we always did via PACKAGECONFIG). Commit in master branch related to this CVE is [2]. Title is "Remove Edge Side Include (ESI) protocol" and it's also what it does. So there will never be a fix for these ESI vulnerabilities. We should not break features in LTS branch and cannot fix this problem. So ignrore this CVE based on set PACKAGECONFIG which should remove it from reports for most users. Thos who need ESI need to assess the risk themselves. [1] https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj [2] https://github.com/squid-cache/squid/commit/5eb89ef3d828caa5fc43cd8064f958010dbc8158 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-h5py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: