diff -u -r -N squid-3.1.22/ChangeLog squid-3.1.23/ChangeLog --- squid-3.1.22/ChangeLog 2012-12-02 23:02:17.000000000 +1300 +++ squid-3.1.23/ChangeLog 2013-01-09 15:15:21.000000000 +1300 @@ -1,3 +1,7 @@ +Changes to squid-3.1.23 (09 Jan 2013): + + - Additional fixes for CVE-2012-5643 / SQUID:2012-1 + Changes to squid-3.1.22 (03 Dec 2012): - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update diff -u -r -N squid-3.1.22/configure squid-3.1.23/configure --- squid-3.1.22/configure 2012-12-02 23:03:29.000000000 +1300 +++ squid-3.1.23/configure 2013-01-09 15:16:26.000000000 +1300 @@ -1,9 +1,9 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.1.22. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.1.23. # -# Report bugs to . +# Report bugs to . # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -248,7 +248,7 @@ $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and -$0: http://www.squid-cache.org/bugs/ about your system, +$0: http://bugs.squid-cache.org/ about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." @@ -575,9 +575,9 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.1.22' -PACKAGE_STRING='Squid Web Proxy 3.1.22' -PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' +PACKAGE_VERSION='3.1.23' +PACKAGE_STRING='Squid Web Proxy 3.1.23' +PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' ac_unique_file="src/main.cc" 
@@ -1540,7 +1540,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.1.22 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.1.23 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1610,7 +1610,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.1.22:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.1.23:";; esac cat <<\_ACEOF @@ -1878,7 +1878,7 @@ Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. -Report bugs to . +Report bugs to . _ACEOF ac_status=$? fi @@ -1941,7 +1941,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.1.22 +Squid Web Proxy configure 3.1.23 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2693,9 +2693,9 @@ $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## ----------------------------------------------- ## -## Report this to http://www.squid-cache.org/bugs/ ## -## ----------------------------------------------- ##" +( $as_echo "## ------------------------------------------- ## +## Report this to http://bugs.squid-cache.org/ ## +## ------------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac 
@@ -2952,7 +2952,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.1.22, which was +It was created by Squid Web Proxy $as_me 3.1.23, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3771,7 +3771,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.1.22' + VERSION='3.1.23' cat >>confdefs.h <<_ACEOF @@ -28243,7 +28243,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.1.22, which was +This file was extended by Squid Web Proxy $as_me 3.1.23, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -28303,13 +28303,13 @@ Configuration commands: $config_commands -Report bugs to ." +Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.1.22 +Squid Web Proxy config.status 3.1.23 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.1.22/configure.ac squid-3.1.23/configure.ac --- squid-3.1.22/configure.ac 2012-12-02 23:03:29.000000000 +1300 +++ squid-3.1.23/configure.ac 2013-01-09 15:16:26.000000000 +1300 @@ -1,8 +1,4 @@ - -dnl -dnl $Id$ -dnl -AC_INIT([Squid Web Proxy],[3.1.22],[http://www.squid-cache.org/bugs/],[squid]) +AC_INIT([Squid Web Proxy],[3.1.23],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -u -r -N squid-3.1.22/include/version.h squid-3.1.23/include/version.h --- squid-3.1.22/include/version.h 2012-12-02 23:03:29.000000000 +1300 +++ squid-3.1.23/include/version.h 2013-01-09 15:16:26.000000000 +1300 
@@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1354442534 +#define SQUID_RELEASE_TIME 1357697719 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.1.22/RELEASENOTES.html squid-3.1.23/RELEASENOTES.html --- squid-3.1.22/RELEASENOTES.html 2012-12-02 23:23:45.000000000 +1300 +++ squid-3.1.23/RELEASENOTES.html 2013-01-09 15:35:38.000000000 +1300 @@ -2,10 +2,10 @@ - Squid 3.1.22 release notes + Squid 3.1.23 release notes -

Squid 3.1.22 release notes

+

Squid 3.1.23 release notes

Squid Developers


@@ -71,7 +71,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.1.22

+

The Squid Team are pleased to announce the release of Squid-3.1.23

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.1/ or the mirrors.

diff -u -r -N squid-3.1.22/tools/cachemgr.cc squid-3.1.23/tools/cachemgr.cc
--- squid-3.1.22/tools/cachemgr.cc 2012-12-02 23:02:17.000000000 +1300
+++ squid-3.1.23/tools/cachemgr.cc 2013-01-09 15:15:21.000000000 +1300
@@ -943,10 +943,10 @@
 // limit the input to something reasonable.
 // 4KB should be enough for the GET/POST data length, but may be extended.
- size_t bufLen = (len >= 4096 ? len : 4095);
+ size_t bufLen = (len < 4096 ? len : 4095);
 char *buf = (char *)xmalloc(bufLen + 1);
- size_t readLen = fread(buf, bufLen, 1, stdin);
+ size_t readLen = fread(buf, 1, bufLen, stdin);
 if (readLen == 0) {
 xfree(buf);
 return NULL;
@@ -955,9 +955,9 @@
 len -= readLen;
 // purge the remainder of the request entity
- while (len > 0) {
+ while (len > 0 && readLen) {
 char temp[65535];
- readLen = fread(temp, 65535, 1, stdin);
+ readLen = fread(temp, 1, 65535, stdin);
 len -= readLen;
 }
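Review bot: On the new `bufLen` line a request body longer than 4095 bytes is cut to 4095 and still handed back to the caller, and nothing in the hunk says that truncation rather than rejection is the intended behaviour. Whether the code that parses `buf` copes with a value cut mid-field is not visible here, because the enclosing function begins before and ends after this hunk. I would extend the existing comment with something like `// longer bodies are truncated to 4095 bytes; the remainder is drained below`, and give the limit a single named constant instead of the 4096/4095 literal pair.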
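Review bot: The drain loop still asks fread() for a full 65535 bytes on every pass, even when `len` says fewer remain, so the last read can consume or wait for bytes beyond the declared entity length. If the CGI host leaves stdin open after the body, that read may block, and `len -= readLen` can step past zero (wrapping if `len` is unsigned; its declaration is outside the hunk). Bounding each request keeps the accounting exact: `size_t want = (len < sizeof(temp) ? len : sizeof(temp));` followed by `readLen = fread(temp, 1, want, stdin);`. Using `sizeof(temp)` also removes the repeated 65535 literal. The enclosing function starts and ends outside this hunk.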