Debian Security Advisory DSA 721-1 - Michael Bhola discovered a bug in Squid, the popular WWW proxy cache. Squid does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
180e04f417cf4cafea4b6478b034d4d28b823b71e2594c367dd73be18f901646
Ubuntu Security Notice USN-122-1 - Michael Bhola discovered that errors in the http_access configuration, in particular missing or invalid ACLs, did not cause a fatal error in Squid. This could lead to wider access permissions than intended by the administrator.
61a13e5fe5b4b4da41b9e1a72b60fe19b6da49a870d6c4924d47a1d28bc4f2e2