LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access controls or confusing accounting
Andrew please apply.
Fixes in 2.5.7-r3 just in cvs now.
Patchset : 20050121
Security please vote on GLSA for this one.
I would vote NO. Squid has suffered enough already, and it could be considered a simple bug.
I vote for no GLSA as well. If another issue pops up we might include it.