CVE-2019-12526 (https://nvd.nist.gov/vuln/detail/CVE-2019-12526): Due to incorrect buffer management Squid is vulnerable to a heap overflow and possible remote code execution attack when processing URN. CVE-2019-18678 (https://nvd.nist.gov/vuln/detail/CVE-2019-18678): Due to incorrect message parsing Squid is vulnerable to an HTTP request splitting issue. CVE-2019-18679 (https://nvd.nist.gov/vuln/detail/CVE-2019-18679): Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication.
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-34 at https://security.gentoo.org/glsa/202003-34 by GLSA coordinator Thomas Deutschmann (whissi).