diff -u -r -N squid-3.3.7/ChangeLog squid-3.3.8/ChangeLog
--- squid-3.3.7/ChangeLog	2013-07-11 18:08:06.000000000 +1200
+++ squid-3.3.8/ChangeLog	2013-07-14 01:25:14.000000000 +1200
@@ -1,4 +1,9 @@
 
+Changes to squid-3.3.8 (13 Jul 2013):
+
+	- Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
+	- Improved handling of port values in Host: header validation
+
 Changes to squid-3.3.7 (11 Jul 2013):
 
 	- Bug 3297: Fix openSSL related build failures
@@ -110,6 +115,11 @@
 	- ... and many compile error fixes
 	- ... and a very large amount of code polish for faster compilation
 
+Changes to squid-3.2.13 (13 Jul 2013):
+
+	- Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
+	- Improved handling of port values in Host: header validation
+
 Changes to squid-3.2.12 (11 Jul 2013):
 
 	- Protect against buffer overrun in DNS query generation
diff -u -r -N squid-3.3.7/configure squid-3.3.8/configure
--- squid-3.3.7/configure	2013-07-11 18:09:14.000000000 +1200
+++ squid-3.3.8/configure	2013-07-14 01:26:28.000000000 +1200
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac Revision.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.7.
+# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.8.
 #
 # Report bugs to <http://bugs.squid-cache.org/>.
 #
@@ -575,8 +575,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.3.7'
-PACKAGE_STRING='Squid Web Proxy 3.3.7'
+PACKAGE_VERSION='3.3.8'
+PACKAGE_STRING='Squid Web Proxy 3.3.8'
 PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
 PACKAGE_URL=''
 
@@ -1570,7 +1570,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.3.7 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.3.8 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1640,7 +1640,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 3.3.7:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 3.3.8:";;
    esac
   cat <<\_ACEOF
 
@@ -2014,7 +2014,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 3.3.7
+Squid Web Proxy configure 3.3.8
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -3110,7 +3110,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 3.3.7, which was
+It was created by Squid Web Proxy $as_me 3.3.8, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   $ $0 $@
@@ -3929,7 +3929,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='3.3.7'
+ VERSION='3.3.8'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -31810,7 +31810,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 3.3.7, which was
+This file was extended by Squid Web Proxy $as_me 3.3.8, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -31876,7 +31876,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-Squid Web Proxy config.status 3.3.7
+Squid Web Proxy config.status 3.3.8
 configured by $0, generated by GNU Autoconf 2.68,
   with options \\"\$ac_cs_config\\"
 
diff -u -r -N squid-3.3.7/configure.ac squid-3.3.8/configure.ac
--- squid-3.3.7/configure.ac	2013-07-11 18:09:14.000000000 +1200
+++ squid-3.3.8/configure.ac	2013-07-14 01:26:28.000000000 +1200
@@ -1,4 +1,4 @@
-AC_INIT([Squid Web Proxy],[3.3.7],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.3.8],[http://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.3.7/helpers/basic_auth/DB/basic_db_auth.8 squid-3.3.8/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.3.7/helpers/basic_auth/DB/basic_db_auth.8	2013-07-11 18:34:17.000000000 +1200
+++ squid-3.3.8/helpers/basic_auth/DB/basic_db_auth.8	2013-07-14 01:51:11.000000000 +1200
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2013-07-11" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.3.7/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.3.8/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.3.7/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2013-07-11 18:34:19.000000000 +1200
+++ squid-3.3.8/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2013-07-14 01:51:22.000000000 +1200
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 1"
-.TH EXT_SQL_SESSION_ACL 1 "2013-07-11" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.3.7/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.3.8/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.3.7/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2013-07-11 18:34:20.000000000 +1200
+++ squid-3.3.8/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2013-07-14 01:51:23.000000000 +1200
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1"
-.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-11" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.3.7/helpers/log_daemon/DB/log_db_daemon.8 squid-3.3.8/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.3.7/helpers/log_daemon/DB/log_db_daemon.8	2013-07-11 18:34:20.000000000 +1200
+++ squid-3.3.8/helpers/log_daemon/DB/log_db_daemon.8	2013-07-14 01:51:24.000000000 +1200
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 1"
-.TH LOG_DB_DAEMON 1 "2013-07-11" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.3.7/include/version.h squid-3.3.8/include/version.h
--- squid-3.3.7/include/version.h	2013-07-11 18:09:14.000000000 +1200
+++ squid-3.3.8/include/version.h	2013-07-14 01:26:28.000000000 +1200
@@ -7,7 +7,7 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1373522872
+#define SQUID_RELEASE_TIME 1373721912
 #endif
 
 #ifndef APP_SHORTNAME
diff -u -r -N squid-3.3.7/RELEASENOTES.html squid-3.3.8/RELEASENOTES.html
--- squid-3.3.7/RELEASENOTES.html	2013-07-11 18:34:27.000000000 +1200
+++ squid-3.3.8/RELEASENOTES.html	2013-07-14 01:51:51.000000000 +1200
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
- <TITLE>Squid 3.3.7 release notes</TITLE>
+ <TITLE>Squid 3.3.8 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.3.7 release notes</H1>
+<H1>Squid 3.3.8 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -56,7 +56,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.3.7.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.3.8.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.3/">http://www.squid-cache.org/Versions/v3/3.3/</A> or the 
 <A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-3.3.7/src/client_side_request.cc squid-3.3.8/src/client_side_request.cc
--- squid-3.3.7/src/client_side_request.cc	2013-07-11 18:08:06.000000000 +1200
+++ squid-3.3.8/src/client_side_request.cc	2013-07-14 01:25:14.000000000 +1200
@@ -659,8 +659,16 @@
     uint16_t port = 0;
     if (portStr) {
         *portStr = '\0'; // strip the ':'
-        if (*(++portStr) != '\0')
-            port = xatoi(portStr);
+        if (*(++portStr) != '\0') {
+            char *end = NULL;
+            int64_t ret = strtoll(portStr, &end, 10);
+            if (end == portStr || *end != '\0' || ret < 1 || ret > 0xFFFF) {
+                // invalid port details. Replace the ':'
+                *(--portStr) = ':';
+                portStr = NULL;
+            } else
+                port = (ret & 0xFFFF);
+        }
     }
 
     debugs(85, 3, HERE << "validate host=" << host << ", port=" << port << ", portStr=" << (portStr?portStr:"NULL"));
diff -u -r -N squid-3.3.7/src/MemBuf.h squid-3.3.8/src/MemBuf.h
--- squid-3.3.7/src/MemBuf.h	2013-07-11 18:08:06.000000000 +1200
+++ squid-3.3.8/src/MemBuf.h	2013-07-14 01:25:14.000000000 +1200
@@ -64,7 +64,7 @@
 
     /// these space-related methods assume no growth and allow 0-termination
     char *space() { return buf + size; } // space to add data
-    char *space(mb_size_t required) { if (size + required > capacity) grow(size + required); return buf + size; } // space to add data
+    char *space(mb_size_t required) { if (size + required >= capacity) grow(size + required +1); return buf + size; } // space to add data
 
     mb_size_t spaceSize() const;
 
