Phil Oester discovered that squid3, a fully featured Web Proxy cache, is prone to a denial of service attack via a specially crafted request that includes empty strings. For the stable distribution , this problem has been fixed in version 3.0.STABLE8-3+lenny4. For the testing distribution , this problem will be fixed soon. For the unstable distribution , this problem has been fixed in version 3.1.6-1.1. We recommend that you upgrade your squid3 packages.