If a proxy_auth acl is incorrectly defined with no members then any http_access
rules using this acl will give unpredictable results depending on the results of
earlier acl lookups. This patch corrects both the reason to why acl lookups
became unpredictable and makes Squid reject such incorrect acl definitions.
The upstream patch for this issue is here:
This issue should also affect RHEL2.1
RHEL-2.1 is safe--squid-2.4.STABLE7 errors on startup if the config file
contains empty proxy_auth acls.
In which of the RHSA's was this issue fixed?
D'oh. I think I found it -- RHSA-2005:061. Sorry to bother you.