Hi, The link you provided refers to an issue with proxy certificates for SSL interception. This feature is disabled in Debian squid3 package due to licensing issues with OpenSSL, thus this is not a bug in Debian squid3 packages. The only way this bug could affect a Debian user would be if the user had recompiled squid3 with OpenSSL supporto. I’m sure you understand that we cannot provide support for any custom built package. Is there any other security issue in Debian squid3 package that you are aware of? Squid3 in Debian is in very good shape because Amos Jeffrey, one of the upstream developers is directly involved in packaging squid3 for Debian and is doing an excellent job keeping up with upstream fixes. Best regards, L -- GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26 GPG: 4096R/2BA97CED: 8D48 5A35 FF1E 6EB7 90E5 0F6D 0284 F20C 2BA9 7CED
|