Upstream fixed a security issue in digest_authentication [1] that can allow disabled user or users with changed password to access the squid service with old credentials. Upstream patch for Squid 3.4: http://bazaar.launchpad.net/~squid/squid/3.4/revision/13211 Upstream patch for Squid 3.5: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 [1]: http://bugs.squid-cache.org/show_bug.cgi?id=4066
Created squid tracking bugs for this issue: Affects: fedora-all [bug 1186772]