Comment 3 for bug 2041837

> Yes, the reporter provides additional background on the official CVE reporting into https://www.openwall.com/lists/oss-security/2023/10/11/3

Thanks for the pointers.

I am unsure on what the security team policy is regarding issues whose a CVE has not been assigned to. But If there are upstream backports of the issues for 5.x and 6.x, this may be something that would be fixed through our MRE process described in https://wiki.ubuntu.com/SquidUpdates.

> Would you have pointer to the task tracking the squid deb package updates?

I added one to this bug you filed (you can see that there is now a tracker for "Squid (Ubuntu)" here.