Hi, Thank you for posting this, but I'm afraid it is confusing:
On Wed, Nov 05, 2025 at 11:26:14AM +1300, Amos Jeffries wrote: > Squid Proxy Cache Security Update Advisory SQUID-2023:6 > Advisory ID: | SQUID-2023:6 (CVE-2019-18860) > Date: | November 5, 2025 OK, so it's an advisory from 2023 for a CVE from 2019 (or for an issue first disclosed in 2019), which was updated in 2025. This brings up the question of what those updates in 2025 are... > Revision history: > > 2019-10-18 20:15:14 UTC Initial Report > 2019-11-03 16:22:22 UTC Initial Patches Released > 2020-03-31 11:07:35 UTC Additional Report ...but the revision history starts in 2019 (before the advisory year?!) and ends in 2020. I also found this advisory at: https://github.com/squid-cache/squid/security/advisories where it's the only one "published" (or updated?) very recently: > SQUID-2023:6 Cross Site Scripting in cachemgr.cgi > GHSA-xxrg-5p7x-r66h published 1 hour ago by yadij I also see a couple of SQUID-2025 advisories, one from July 31 and the other from October 17, 2025. Both have Critical CVSS severities. I don't recall you bringing them to here? Perhaps do that now? > SQUID-2025:2 Information Disclosure in Error handling > GHSA-c8cc-phh7-xmxr published 3 weeks ago by yadij > Critical > > SQUID-2025:1 Buffer Overflow in URN Handling > GHSA-w4gv-vw3f-29g3 published on Jul 31 by yadij > Critical I think it's unreasonable to go further back now, but posting these two recent ones should be beneficial. Thanks, Alexander
