Are we going to acknowledge this vulnerability with a SQUID:2009-N alert? The reports seem to indicate it can be triggered remotely by servers.
It was fixed during routine bug closures a while ago so we just need to wrap up an explanation and announce the fixed releases. Amos
