Source: squid Version: 4.3-1 Severity: minor Tags: security upstream Hi
Filling this bug to have an identifier (as long no CVEs are yet assigned): http://www.squid-cache.org/Advisories/SQUID-2018_4.txt > Problem Description: > > Due to incorrect input handling, Squid is vulnerable to a > Cross-Site Scripting vulnerability when generating HTTPS response > messages about TLS errors. Squid in Debian builds without TLS support, so it is marked as "unimportant" from security-tracker point of view. Regards, Salvatore