Hi Amos, On Wed, May 11, 2016 at 03:12:14PM +1200, Amos Jeffries wrote: > > CVE-2016-4553: > Patch for 3.4 and older is now available at > <http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13240.patch>. > > CVE-2016-4554: > Additional changes are needed than those initially linked to. see the > advisory URL for updated patch links. > > CVE-2016-4555: > Squid-3.1 in wheezy is not affected. > > CVE-2016-4556: > Patch for 3.4 should also apply fairly easily to 3.1, but has not been > tested. > Also, the severity of this issue is much reduced for Debian since SSL > is not enabled. > Though it still remains an issue for CDN and reverse-proxy installations. > > > HTH
Yes, thanks for your feedback. Regards, Salvatore