Re: IMPORTEND squid3 stable needs update

2016-01-26 Thread Chris Bannister
On Fri, Jan 22, 2016 at 09:37:52PM +0300, Michael Tokarev wrote: > 15.01.2016 22:47, startrekfan wrote: > > > *squid3 Version 3.4.8* is deployed in the Jessie stable > > repository.*This version is outdated and has some security risks!!*. > > Version 3.5 is more secure but unfortunately it's only

Re: IMPORTEND squid3 stable needs update

2016-01-26 Thread Charlie Kravetz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 26 Jan 2016 22:17:54 +1300 Chris Bannister wrote: >On Fri, Jan 22, 2016 at 09:37:52PM +0300, Michael Tokarev wrote: >> 15.01.2016 22:47, startrekfan wrote: >> >> > *squid3 Version 3.4.8* is deployed in the

Re: IMPORTEND squid3 stable needs update

2016-01-22 Thread Michael Tokarev
15.01.2016 22:47, startrekfan wrote: > *squid3 Version 3.4.8* is deployed in the Jessie stable repository.*This > version is outdated and has some security risks!!*. Version 3.5 is more > secure but unfortunately it's only marked as unstable I wonder how many times this question should be

Re: IMPORTEND squid3 stable needs update

2016-01-22 Thread Luigi Gangitano
Hi, The link you provided refers to an issue with proxy certificates for SSL interception. This feature is disabled in Debian squid3 package due to licensing issues with OpenSSL, thus this is not a bug in Debian squid3 packages. The only way this bug could affect a Debian user would be if the

Re: IMPORTEND squid3 stable needs update

2016-01-22 Thread startrekfan
I didn't subscribed to the mailing list. So* please put my mail address into cc*. thanks. I think I found a security issue that is not fixed in debian squid 3.4.8. Squid 3.4 seems to use the sha1 algorithm for dynamic certificate generation. Sha1 is unsafe. This seems to be fixed only in squid

Re: IMPORTEND squid3 stable needs update

2016-01-18 Thread Axel Beckert
Hi, startrekfan wrote: > *squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This > version is outdated and has some security risks!!*. Version 3.5 is more > secure but unfortunately it's only marked as unstable Have you checked

IMPORTEND squid3 stable needs update

2016-01-15 Thread startrekfan
Hello, I'm not sure which mailing list I should chose. So I'll try my luck here. I didn't subscribed to the mailing list. So* please put my mail address into cc*. thanks. *squid3 Version 3.4.8* is deployed in the Jessie stable repository.* This version is outdated and has some security

Re: IMPORTEND squid3 stable needs update

2016-01-15 Thread Ben Hutchings
On Fri, 2016-01-15 at 19:47 +, startrekfan wrote: > Hello, > > I'm not sure which mailing list I should chose. So I'll try my luck here. > > I didn't subscribed to the mailing list. So* please put my mail address > into cc*. thanks. > > *squid3 Version 3.4.8* is deployed in the Jessie

Re: IMPORTEND squid3 stable needs update

2016-01-15 Thread startrekfan
squid3 3.4.8 has some security issues(risks)/bugs so an upgrade to 3.5 is actually only a fix of this bugs/security issues. There is no patch for 3.4.8 because it's outdated. Debian Jessie is the current active release. So why not fixing squid3 in Debian Jessie with an stable 3.5 update? Ben

Re: IMPORTEND squid3 stable needs update

2016-01-15 Thread Carsten Schoenert
Hello startrekfan, please don't do top posting. Am 15.01.2016 um 23:19 schrieb startrekfan: > squid3 3.4.8 has some security issues(risks)/bugs so an upgrade to 3.5 is > actually only a fix of this bugs/security issues. Which issues do you refer? What bugs in detail? Have you looked into the