[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IMPORTEND squid3 stable needs update

squid3 3.4.8 has some security issues(risks)/bugs so an upgrade to 3.5 is actually only a fix of this bugs/security issues. There is no patch for 3.4.8 because it's outdated. Debian Jessie is the current active release. So why not fixing squid3 in Debian Jessie with an stable 3.5 update?

Ben Hutchings <ben@decadent.org.uk> schrieb am Fr., 15. Jan. 2016 um 21:26 Uhr:
On Fri, 2016-01-15 at 19:47 +0000, startrekfan wrote:
> Hello,
> I'm not sure which mailing list I should chose. So I'll try my luck here.
> I didn't subscribed to the mailing list. So* please put my mail address
> into cc*. thanks.
> *squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This
> version is outdated and has some security risks!!*. Version 3.5 is more
> secure but unfortunately it's only marked as unstable

You seem a bit confused about how Debian releases work.  Within any
stable release, we apply bug fixes only - unless it's impossible for us
to provide security support for the old upstream version.

Our package of squid 3.4.8 does have a security fix on top of the
upstream version: https://tracker.debian.org/news/702659

So far as we know, there are no important security issues still
affecting the version in jessie:

Do you know otherwise?


> So I'd like to request to mark Version 3.5 as stable.(But Version 3.5 in
> stable state)
> thank you
Ben Hutchings
The program is absolutely right; therefore, the computer must be wrong.

Reply to: