1 files changed, 33 insertions, 0 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e904a88b6f9e..36f66829fa25 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,39 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="620685d6-0aa3-11ea-9673-4c72b94353b5">
+    <topic>squid -- Vulnerable to HTTP Digest Authentication</topic>
+    <affects>
+      <package>
+	<name>squid</name>
+	<range><lt>4.9</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Squid Team reports:</p>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2019_11.txt">
+	  <p>Problem Description: Due to incorrect data management Squid is
+	    vulnerable to a information disclosure when processing HTTP Digest
+	    Authentication.</p>
+	  <p>Severity: Nonce tokens contain the raw byte value of a pointer which sits
+	    within heap memory allocation. This information reduces ASLR protections
+	    and may aid attackers isolating memory areas to target for remote code
+	    execution attacks.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2019_11.txt</url>
+      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679</url>
+      <cvename>CVE-2019-18679</cvename>
+    </references>
+    <dates>
+      <discovery>2019-11-05</discovery>
+      <entry>2019-11-19</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="f04f840d-0840-11ea-8d66-75d3253ef913">
     <topic>libidn2 -- roundtrip check vulnerability</topic>
     <affects>