A DoS condition in squid was reported [1] in the Debian bug tracker where certain headers using defined delimiters (such as ','), and used by either external authentication or access log formats that include parts of the headers with delimiters, could cause squid to crash. Configuration details and gdb output is included in the Debian bug. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982
This is now noted upstream: http://www.squid-cache.org/bugs/show_bug.cgi?id=2704 No additional information or response from upstream as of yet.
This is CVE-2009-2855. *** This bug has been marked as a duplicate of bug 518182 ***