[meta-networking,kirkstone] squid: mark CVE-2025-59362 as patched

Message ID 20251014203704.585165-1-peter.marko@siemens.com
State New

Commit Message

Peter Marko Oct. 14, 2025, 8:37 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

Per [1] CVE-2025-59362 is fixed in patch for CVE-2023-5824.
That was a composite patch from more commits.
When checking it, it really contains also commit [2] which is mentioned
as fix for CVE-2025-59362.

[1] https://security-tracker.debian.org/tracker/CVE-2025-54574
[2] https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Gyorgy Sarvari Oct. 14, 2025, 9:07 p.m. UTC | #1
Could you please fix the subject? It refers to CVE-2025-59362 instead
of CVE-2025-54574 - it took a bit of staring to see what's going on :)

On 10/14/25 22:37, Peter Marko via lists.openembedded.org wrote:
> From: Peter Marko <peter.marko@siemens.com>
>
> Per [1] CVE-2025-59362 is fixed in patch for CVE-2023-5824.
> That was a composite patch from more commits.
> When checking it, it really contains also commit [2] which is mentioned
> as fix for CVE-2025-59362.
>
> [1] https://security-tracker.debian.org/tracker/CVE-2025-54574
> [2] https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
>  meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
> index 4946060313..6a58b56a9e 100644
> --- a/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
> +++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
> @@ -8,7 +8,7 @@ Date:   Tue Nov 21 13:21:43 2023 +0100
>      backport
>  
>  Upstream-Status: Backport [RedHat RHEL8 squid-4.15-7.module+el8.9.0+20806+014d88aa.3.src.rpm]
> -CVE: CVE-2023-5824
> +CVE: CVE-2023-5824 CVE-2025-54574
>  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>  
>  diff --git a/src/AccessLogEntry.cc b/src/AccessLogEntry.cc
>
Peter Marko Oct. 14, 2025, 9:13 p.m. UTC | #2
Sent new patch.
Thanks for noticing.

Peter

> -----Original Message-----
> From: Gyorgy Sarvari <skandigraun@gmail.com>
> Sent: Tuesday, October 14, 2025 23:07
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>;
> openembedded-devel@lists.openembedded.org
> Subject: Re: [oe] [meta-networking][kirkstone][PATCH] squid: mark CVE-2025-59362 as patched
> 
> Could you please fix the subject? It refers to CVE-2025-59362 instead
> of CVE-2025-54574 - it took a bit of staring to see what's going on :)
> 
> On 10/14/25 22:37, Peter Marko via lists.openembedded.org wrote:
> > From: Peter Marko <peter.marko@siemens.com>
> >
> > Per [1] CVE-2025-59362 is fixed in patch for CVE-2023-5824.
> > That was a composite patch from more commits.
> > When checking it, it really contains also commit [2] which is mentioned
> > as fix for CVE-2025-59362.
> >
> > [1] https://security-tracker.debian.org/tracker/CVE-2025-54574
> > [2] https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988
> >
> > Signed-off-by: Peter Marko <peter.marko@siemens.com>
> > ---
> >  meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
> b/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
> > index 4946060313..6a58b56a9e 100644
> > --- a/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
> > +++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
> > @@ -8,7 +8,7 @@ Date:   Tue Nov 21 13:21:43 2023 +0100
> >      backport
> >
> >  Upstream-Status: Backport [RedHat RHEL8 squid-4.15-
> 7.module+el8.9.0+20806+014d88aa.3.src.rpm]
> > -CVE: CVE-2023-5824
> > +CVE: CVE-2023-5824 CVE-2025-54574
> >  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> >
> >  diff --git a/src/AccessLogEntry.cc b/src/AccessLogEntry.cc
> >

Patch

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
index 4946060313..6a58b56a9e 100644
--- a/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-5824.patch
@@ -8,7 +8,7 @@  Date:   Tue Nov 21 13:21:43 2023 +0100
     backport
 
 Upstream-Status: Backport [RedHat RHEL8 squid-4.15-7.module+el8.9.0+20806+014d88aa.3.src.rpm]
-CVE: CVE-2023-5824
+CVE: CVE-2023-5824 CVE-2025-54574
 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
 
 diff --git a/src/AccessLogEntry.cc b/src/AccessLogEntry.cc
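
Review bot: The `+CVE:` line tags CVE-2025-54574, but the subject and the commit message body name CVE-2025-59362 as the issue being marked patched, and only link [1] points at the CVE-2025-54574 tracker entry. The commit message should name the same identifier as the tag, so the history explains why this tag was added to a 2023 backport. The header also still cites only the RHEL8 source RPM under `Upstream-Status:`; recording upstream commit a27bf4b84da23594150c7a86a23435df0b35b988 (link [2]) in the patch header would let a later reviewer confirm that the composite backport contains the fix without re-deriving it.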