Hello startrekfan, please don't do top posting.
On 15.01.2016 at 23:19, startrekfan wrote:
> squid3 3.4.8 has some security issues (risks)/bugs so an upgrade to 3.5 is
> actually only a fix of these bugs/security issues.

Which issues do you refer to? What bugs in detail? Have you looked into the links Ben was providing? If you are talking about CVE-2015-5400 you will see it is fixed and there are no other open issues, but Ben was already talking about that.

> There is no patch for 3.4.8 because it's outdated.

But it's not impossible to do such a patch, is it? And that's what maintainers of Debian packages do on their own if upstream isn't very helpful. This work ends in security updates. You use this feature in your sources list to get them via apt?

> Debian Jessie is the current active release. So why not fix squid3
> in Debian Jessie with a stable 3.5 update?

Because this isn't needed if you can patch such issues and will probably break other packages if you do such updates without further testing. Please remember there are over 40.000 packages in the release which need time to test all such side effects. Of course not all other packages within Debian depend on squid but there are enough. Try it yourself: 'apt-cache rdepends squid3'.

-- 
Regards
Carsten Schoenert