关键漏洞信息 CVE Request for Squid HTTP Proxy Vulnerability in Squid Version 3.5.6: - Issue #1: - Description: Due to incorrect handling of peer responses in a 2+ proxy cascade, remote clients can bypass authentication and gain unprivileged access to secured resources. - CVE: To be assigned (SQUID-2015_2.txt) - Affected Versions: All versions up to and including 3.5.5. Issue #2: - Description: Potential DoS vulnerability from repeated TLS renegotiation messages by malicious clients, though possibly requires outdated OpenSSL libraries. - Relevant CVEs: CVE-2009-3555 and possibly CVE-2011-1473. - Affected Versions: Up to and including 3.5.5. Miscellaneous: Reference to changesets: - - Action Needed: Confirm and assign appropriate CVEs. Confirm if the Squid release announcement should note selected existing CVEs.