15.01.2016 22:47, startrekfan wrote:
> *squid3 Version 3.4.8* is deployed in the Jessie stable repository.*This
> version is outdated and has some security risks!!*. Version 3.5 is more
> secure but unfortunately it's only marked as unstable
I wonder how many times this question should be asked
Hi,
The link you provided refers to an issue with proxy certificates for SSL
interception. This feature is disabled in Debian squid3 package due to
licensing issues with OpenSSL, thus this is not a bug in Debian squid3 packages.
The only way this bug could affect a Debian user would be if the u
I didn't subscribed to the mailing list. So* please put my mail address
into cc*. thanks.
I think I found a security issue that is not fixed in debian squid 3.4.8.
Squid 3.4 seems to use the sha1 algorithm for dynamic certificate
generation. Sha1 is unsafe. This seems to be fixed only in squid 3.5
Hi,
startrekfan wrote:
> *squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This
> version is outdated and has some security risks!!*. Version 3.5 is more
> secure but unfortunately it's only marked as unstable
Have you checked
https://packages.qa.debian.org/s/squid3/news/201508
startrekfan writes:
> *squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This
> version is outdated and has some security risks!!*. Version 3.5 is more
> secure but unfortunately it's only marked as unstable
If there are security bugs in squid3 (or in any other debian package),
Hello startrekfan,
please don't do top posting.
Am 15.01.2016 um 23:19 schrieb startrekfan:
> squid3 3.4.8 has some security issues(risks)/bugs so an upgrade to 3.5 is
> actually only a fix of this bugs/security issues.
Which issues do you refer? What bugs in detail? Have you looked into the
lin
squid3 3.4.8 has some security issues(risks)/bugs so an upgrade to 3.5 is
actually only a fix of this bugs/security issues. There is no patch for
3.4.8 because it's outdated. Debian Jessie is the current active release.
So why not fixing squid3 in Debian Jessie with an stable 3.5 update?
Ben Hutch
On Fri, 2016-01-15 at 19:47 +, startrekfan wrote:
> Hello,
>
> I'm not sure which mailing list I should chose. So I'll try my luck here.
>
> I didn't subscribed to the mailing list. So* please put my mail address
> into cc*. thanks.
>
> *squid3 Version 3.4.8* is deployed in the Jessie stable
8 matches
Mail list logo
