Nonce tokens contain the raw byte value of a pointer which sits
within heap memory allocation. This information reduces ASLR
protections and may aid attackers isolating memory areas to
target for remote code execution attacks.
For reporting of security sensitive bugs send an email to the
[hidden email] mailing list. It's a closed
list (though anyone can post) and security related bug reports
are treated in confidence until the impact has been established.
2019-08-05 06:15:36 UTC Initial Report
2019-10-20 18:59:08 UTC Patches Released
2019-11-04 13:43:22 UTC CVE Assignment
squid-announce mailing list
[hidden email] http://lists.squid-cache.org/listinfo/squid-announce