Comment 1 for bug 1890265

I was about to read code for latest 2 included patches and @ahasenack warned me about:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965012

with current status:

"""
Hello Andreas,

thanks for your patience. I believe I have found the underlying problem.
It is a parsing issue in src/adaptation/icap/ModXact.cc and HttpMsg.cc.

2020/07/28 09:55:14.614 kid1| 58,3| HttpMsg.cc(184) parse:
HttpMsg::parse: cannot parse isolated headers in 'OPTIONS
icap://127.0.0.1:1344/virus_scan ICAP/1.0

To fix CVE-2019-12523 the urlParse function had to be updated to use the
new SBuf API for better access checks. However at one point in time
upstream did no longer used this function to parse icap headers and
simply copied an already known url. I have attached the
CVE-2019-12523.patch. You can just replace it with the old one. If
everything works as expected I will upload this change as +deb9u3 shortly.

Regards,

Markus
"""