diff --git a/SOURCES/squid-3.5.20-CVE-2019-13345.patch b/SOURCES/squid-3.5.20-CVE-2019-13345.patch
index 7142830..9e4782c 100644
--- a/SOURCES/squid-3.5.20-CVE-2019-13345.patch
+++ b/SOURCES/squid-3.5.20-CVE-2019-13345.patch
@@ -62,3 +62,30 @@ index 1ec4e15..fb5146e 100644
  
      debug("cmgr: decoded passwd: '%s'\n", passwd);
  
+diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
+index fb5146e..388c87b 100644
+--- a/tools/cachemgr.cc
++++ b/tools/cachemgr.cc
+@@ -1069,14 +1069,20 @@ make_pub_auth(cachemgr_request * req)
+     if (!req->passwd || !strlen(req->passwd))
+         return;
+ 
++    auto *rfc1738_username = xstrdup(rfc1738_escape(safe_str(req->user_name)));
++    auto *rfc1738_passwd = xstrdup(rfc1738_escape(req->passwd));
++
+     /* host | time | user | passwd */
+     const int bufLen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s",
+                                 req->hostname,
+                                 (int) now,
+-                                rfc1738_escape(safe_str(req->user_name)),
+-                                rfc1738_escape(req->passwd));
++                                rfc1738_username,
++                                rfc1738_passwd);
+     debug("cmgr: pre-encoded for pub: %s\n", buf);
+ 
++    safe_free(rfc1738_username);
++    safe_free(rfc1738_passwd);
++
+     const int encodedLen = base64_encode_len(bufLen);
+     req->pub_auth = (char *) xmalloc(encodedLen);
+     base64_encode_str(req->pub_auth, encodedLen, buf, bufLen);
diff --git a/SPECS/squid.spec b/SPECS/squid.spec
index 19fcc56..2eab55a 100644
--- a/SPECS/squid.spec
+++ b/SPECS/squid.spec
@@ -4,7 +4,7 @@
 
 Name:     squid
 Version:  3.5.20
-Release:  17%{?dist}.4
+Release:  17%{?dist}.5
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -62,6 +62,8 @@ Patch218: squid-3.5.20-cache-siblings-gw.patch
 # Security Fixes:
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1727744
+# Regression caused by original patch fixed -
+# https://bugzilla.redhat.com/show_bug.cgi?id=1890581
 Patch500: squid-3.5.20-CVE-2019-13345.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1582301
 Patch501: squid-3.5.20-CVE-2018-1000024.patch
@@ -412,6 +414,10 @@ fi
     chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 
 %changelog
+* Mon Oct 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:3.5.20-17.5
+- Resolves: #1890581 - Fix for CVE 2019-13345 breaks authentication in
+  cachemgr.cgi
+
 * Fri Aug 28 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:3.5.20-17.4
 - Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could
   result in a DoS