LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access controls or confusing accounting
Andrew please apply.
Fixes in 2.5.7-r3 just in cvs now. Patchset : 20050121
Thx Andrew. Security please vote on GLSA for this one.
I would vote NO. Squid has suffered enough already, and it could be considered a simple bug.
I vote for no GLSA as well. If another issue pops up we might include it.
GLSA 200502-04