From 69ad9200cd5a7434d1b5e9746a63be8d9a2c5315 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Fri, 13 Oct 2023 14:06:08 -0400 Subject: [PATCH] Add squid Signed-off-by: David A. Wheeler --- reviews/github/squid/squid.md | 47 +++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 reviews/github/squid/squid.md diff --git a/reviews/github/squid/squid.md b/reviews/github/squid/squid.md new file mode 100644 index 0000000..4592dd8 --- /dev/null +++ b/reviews/github/squid/squid.md 
@@ -0,0 +1,47 @@ +--- +Publication-State: Active +Access: Public +Reviewers: +- Name: Joshua "megamansec" Hu + Associated-With-Project: False + Compensation-Source: External +Domain: Security +Methodology: +- Code-Review +Issues-Identified: Severe +Package-URLs: +- pkg:github/squid-cache/squid +Review-Date: 2021-06-15 +Scope: Implementation/Full +Schema-Version: 1.0 +SPDX-License-Identifier: CC-BY-4.0 +--- + +### Summary + +Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days + +### Details + +A brief review found an extremely large number of vulnerabilities in squid, and there is no proactive effort to fix them. "The Squid Team have been helpful and supportive during the process of reporting these issues. However, they are effectively understaffed, and simply do not have the resources to fix the discovered issues. Hammering them with demands to fix the issues won’t get far. ... If you are running Squid in an environment which may suffer from any of these issues, then it is up to you to reassess whether Squid is the right solution for your system." + +### Methodology + +No methodology was provided. + +### External References + +https://megamansec.github.io/Squid-Security-Audit/ + +### Disclaimer + +All security reviews are conducted on a "best-effort" basis against a software +component at a point in time. We make no guarantee as to the quality or completeness +of any review. If you believe any content is inaccurate, we encourage you to open +an issue or submit a pull request with a correction or improvement. + +### License + +This text is released under at least the +[Creative Commons Attribution 4.0 (CC-BY-4.0) license](https://creativecommons.org/licenses/by/4.0/legalcode.txt). +Externally-referenced content may be licensed differently.
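Review bot: the `### Methodology` body ("No methodology was provided.") contradicts the front matter's `Methodology: - Code-Review`; pick one, either drop the `Code-Review` entry or replace the body with a sentence describing the code review the front matter claims. Two smaller points in the same file: the `### Details` opening sentence states "there is no proactive effort to fix them", while the quoted passage attributes the backlog to the team being "effectively understaffed" and lacking resources, so a wording such as "and the maintainers do not have the resources to fix them" would match the cited source; and neither the front matter nor the body records which Squid version or commit the audit covered, which `Scope: Implementation/Full` implies and which a reader needs to judge whether the findings apply to their deployment. Also worth confirming: `Review-Date: 2021-06-15` is more than two years before this commit's date (13 Oct 2023); if it is meant to be the audit's publication date, check it against the linked report.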