<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">I am not sure if you have any contact with the Debian maintainers. I raised a bug with Debian in March asking for 4.10 to get promoted to buster-backports on the grounds of security fixes. If we’re on the stable release (buster) we are stuck with 4.6 until the next stable release (up to 2 years), use the testing release which has other changes or we have to compile our own.</div><div dir="ltr"><br></div><div dir="ltr">Link to bug: <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954488" style="font-family: Helvetica; font-size: 12px;">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954488</a></div><div dir="ltr"><br></div><div dir="ltr">MarkJ </div><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">On 19 Apr 2020, at 1:33 pm, Amos Jeffries <squid3@treenet.co.nz> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span></span><br><span>On 19/04/20 6:52 am, Marcus Kool wrote:</span><br><blockquote type="cite"><span>Amos,</span><br></blockquote><blockquote type="cite"><span>The latest version of Squid is 4.10.  Do you mean "fixed in 4.10"</span><br></blockquote><blockquote type="cite"><span>instead of "fixed in 4.8" ?</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br><span>No, these CVE were fixed in 4.8. The advisory was embargoed for another</span><br><span>issue, which is has taken too long and now going to be fixed in a later</span><br><span>release.</span><br><span></span><br><span>Amos</span><br><span></span><br><span></span><br><span></span><br><blockquote type="cite"><span>Thanks,</span><br></blockquote><blockquote type="cite"><span>Marcus</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>On 18/04/2020 14:10, Amos Jeffries wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>__________________________________________________________________</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>     Squid Proxy Cache Security Update Advisory SQUID-2019:4</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>__________________________________________________________________</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Advisory ID:        SQUID-2019:4</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Date:               April 18, 2020</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Summary:            Multiple Issues</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>                     in HTTP Request processing.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Affected versions:  Squid 3.5.18 -> 3.5.28</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>                     Squid 4.0.10 -> 4.7</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Fixed in version:   Squid 4.8</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>__________________________________________________________________</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>     http://www.squid-cache.org/Advisories/SQUID-2019_4.txt</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12520</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12524</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>__________________________________________________________________</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><span>_______________________________________________</span><br><span>squid-users mailing list</span><br><span>squid-users@lists.squid-cache.org</span><br><span>http://lists.squid-cache.org/listinfo/squid-users</span><br></div></blockquote></body></html>