On 19/04/20 8:18 pm, TarotApprentice wrote: > I am not sure if you have any contact with the Debian maintainers. I > raised a bug with Debian in March asking for 4.10 to get promoted to > buster-backports on the grounds of security fixes. If we’re on the > stable release (buster) we are stuck with 4.6 until the next stable > release (up to 2 years), use the testing release which has other changes > or we have to compile our own. I am part of the Debian packaging team assisting Luigi. AFAIK this is in the hands of the security team since it would be those grounds for backport. Security have just been in contact after a review and update of the open issues they are tracking against Debian Squid packages. Though I have not heard if any decision has been made about this request. What I do know is that many of the CVE with 4.x patches have had those applied to the Debian package available in Buster. There are some which do not backport easily, so not 100%, but the old package is not as vulnerable as it may appear from just the number. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
