CVE-2019-18860

Priority
Description
Squid before 4.9, when certain web browsers are used, mishandles HTML in
the host (aka hostname) parameter to cachemgr.cgi.
Assigned-to
mdeslaur
Notes
Package
Source: squid (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):released (4.8-1ubuntu2.3)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (4.10-1ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (4.10-1ubuntu1)
Patches:
Upstream:https://github.com/squid-cache/squid/commit/5a90b4ce64c346ba7f317a278ba601091d9de076
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (3.5.12-1ubuntu7.11)
Ubuntu 18.04 LTS (Bionic Beaver):released (3.5.27-1ubuntu1.6)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-05-13 14:14:42 UTC (commit d1ac5eed550387b8be265809ca27c563ca504f9e)