squid-2.2.stable5-newlines_in_auth.patch
After decoding the base64 encoded "user:password" pair given by the
client, squid doesn't strip out any '\n' found in the resulting
string. Given such a string, any external authenticator will receive two
lines instead of one, and most probably send two results. Now, any
subsequent authentification exchange will have its answer shifted by
one. Therefore, a malicious user can gain access to sites they should not
have access to.
squid-2.2.stable5-ipcache_negative.patch
The IP cache immediately removes entries that should be negatively
cached. This appears to be due to some changes made for retrying failed
connections.
squid-2.2.stable5-no_cache.patch
A missing no_cache list is treated the same as no_cache deny all.
