[MIR] squid3
Bug #889243 reported by
Chuck Short
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| squid3 (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Bug Description
Availability: Package is in universe
Rationale: Replace squid which is in main so we can have better support for the LTS.
Security: Numerous CVE history (http://
QA:
* Well maintained by debian
* Server Team will take care of it
Dependencies: All in main
Standards Compliance: FHS and Debian compliant
| Changed in squid3 (Ubuntu): | |
| assignee: | nobody → Jamie Strandboge (jdstrand) |
| status: | New → In Progress |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in squid3 (Ubuntu): | |
| status: | In Progress → Fix Released |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
To post a comment you must log in.
Security team review:
This MIR is actually at the request of the security team. While squid and squid3 have quite a few CVEs in their history, upstream is very good about supporting these, with timely announcements and patches. There are indications that upstream is beginning to taper off its support for squid 2, so it is important that we transition to squid3 for 12.04 so that it is supportable for 5 years.
The package is well supported in Debian. Packaging it fine. This is the next currently supported version of squid in both Debian and upstream, and does not require a re-review from security. This builds fine with no dependencies outside of main.
I can say I noticed a bunch of these in the build log:
$ egrep -i '(error|warning):' ./squid3_
g++: warning: switch '-fhuge-objects' is no longer supported
g++: warning: switch '-fhuge-objects' is no longer supported
g++: warning: switch '-fhuge-objects' is no longer supported
...
So we might want to get that cleaned up.
I have taken the liberty of promoting this. Please adjust the seeds to use squid3 instead of squid accordingly.