C-Note-05-010: Debian Squid Design Flaw Revised (06/15/2005)

A bug was discovered in Squid, the popular WWW proxy cache. Squid does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.

For the stable distribution (woody) this problem has been fixed in version 2.4.6-2woody8.

For the unstable distribution (sid) this problem has been fixed in version 2.5.9-7.

CAN-2005-1345

It is recommended that you upgrade your squid packages:

CIAC would like to thank Debian for this information.
http://www.debian.org/security/2005/dsa-721

Additional link: Red Hat HRSA-2005:415-16