I think this bug is probably the same authentication issue that resulted in this upstream patch: <www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13930.patch>
It is technically not part of the CVE fix, but is needed to let certain auth configuration to coninue working once the fix is in place. Amos