CVE-2019-12519 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A stack-based out-of-bounds write has been found in Squid before 4.11 or 5.0.2., where a crafted ESI response sent from an upstream server can overwrite arbitrary attacker controlled information onto the process stack.
Group Package Affected Fixed Severity Status Ticket
AVG-1146 squid 4.10-2 4.12-1 Critical Fixed
References
http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch