Due to improper input validation, Squid is vulnerable to an HTTP Request Smuggling attack.
This problem allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls.
For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u3.
We recommend that you upgrade your squid3 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/