Package: squid3 Version: 3.4.8-6+deb8u1 Severity: important Tags: upstream Dear Maintainer,
In our campus, We use two level of squid proxy. computer<-->proxy2<-->proxy1<-->internet proxy2 basicaly pass every request to proxy1 when internet and do direct request when intranet. cache_peer proxy1.tld parent 3128 0 no-query default login=PASS name=proxy1 proxy1 does require authentication. When computer request any external https page without being previously authenticated, proxy2 pass the CONNECT request to proxy1. Proxy1 reply with an HTTP/407 response. - Before CVE-2015-5400 fix, proxy1 used to pass this response to computer and further communication ran normaly. - With CVE-2015-5400 fix, proxy1 consider HTTP/407 as an error and reply to computer with an HTTP/502 response and further communication is stopped. I expect HTTP/407 to be passed to computer (and maybe some others codes) Note : this doesn't impact http as http uses other method (GET). Sincerely yours, François -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages squid3 depends on: ii adduser 3.113+nmu3 ii libc6 2.19-18+deb8u1 ii libcap2 1:2.24-8 ii libcomerr2 1.42.12-1.1 ii libdb5.3 5.3.28-9 ii libecap2 0.2.0-3 ii libexpat1 2.1.0-6+deb8u1 ii libgcc1 1:4.9.2-10 ii libgssapi-krb5-2 1.12.1+dfsg-19 ii libk5crypto3 1.12.1+dfsg-19 ii libkrb5-3 1.12.1+dfsg-19 ii libldap-2.4-2 2.4.40+dfsg-1+deb8u1 ii libltdl7 2.4.2-1.11 ii libnetfilter-conntrack3 1.0.4-1 ii libnettle4 2.7.1-5 ii libpam0g 1.1.8-3.1 ii libsasl2-2 2.1.26.dfsg1-13 ii libstdc++6 4.9.2-10 ii libxml2 2.9.1+dfsg1-5 ii logrotate 3.8.7-1+b1 ii lsb-base 4.1+Debian13+nmu1 ii netbase 5.3 ii squid3-common 3.4.8-6+deb8u1 squid3 recommends no packages. Versions of packages squid3 suggests: pn resolvconf <none> ii smbclient 2:4.1.17+dfsg-2 ii squid-cgi 3.4.8-6+deb8u1 pn squid-purge <none> pn squidclient <none> pn ufw <none> pn winbindd <none> -- Configuration Files: /etc/squid3/squid.conf changed [not included] -- no debconf information