Hi, The tracker page <https://security-tracker.debian.org/tracker/CVE-2015-3455> seems to need a bit of an update. The squid and squid3 packages in Debian Stretch and Sid are now at 3.5.10 version which is not vulnerable. Amos Jeffries (Squid upstream)