CVE-2013-0189

Name	CVE-2013-0189
Description	cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
Source	CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References	DSA-2631-1
NVD severity	medium (attack range: remote)
Debian Bugs	696187
Debian/oldstable	not vulnerable.
Debian/stable	not vulnerable.
Debian/testing	not vulnerable.
Debian/unstable	not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
squid (PTS)	squeeze	2.7.STABLE9-2.1	fixed
	wheezy	2.7.STABLE9-4.1	fixed
	wheezy (security)	2.7.STABLE9-4.1+deb7u1	fixed
	sid	2.7.STABLE9-5	fixed
squid3 (PTS)	squeeze (security), squeeze	3.1.6-1.2+squeeze3	fixed
	squeeze (lts)	3.1.6-1.2+squeeze4	fixed
	wheezy, wheezy (security)	3.1.20-2.2+deb7u2	fixed
	jessie, sid	3.4.8-6	fixed

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
squid	source	(unstable)	2.7.STABLE9-2	medium
squid3	source	(unstable)	3.1.20-2.1	medium		696187
squid3	source	squeeze	3.1.6-1.2+squeeze3	medium	DSA-2631-1

squid-cgi was removed in 2.7.STABLE9-2
possible regression, see #701123