Sync tinyproxy 1.8.3-3 (universe) from Debian unstable (main)

Bug #1059887 reported by Logan Rosen
This bug affects 1 person
Affects: tinyproxy (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Please sync tinyproxy 1.8.3-3 (universe) from Debian unstable (main)

Changelog entries since current quantal version 1.8.3-2:

tinyproxy (1.8.3-3) unstable; urgency=high

  * Add patches for CVE-2012-3505 (closes: #685281):
    - CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of
      headers to prevent DoS attacks.
    - CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps
      in order to avoid fake headers getting included in the same bucket,
      allowing for DoS attacks.
    Bug reported and patches contributed by gpernot.

 -- Jordi Mallach <email address hidden> Mon, 24 Sep 2012 21:05:41 +0200

Logan Rosen (logan) wrote :
security vulnerability: no → yes
Dimitri John Ledkov (xnox) wrote :

Somebody else sponsored this sync.

Changed in tinyproxy (Ubuntu):
status: New → Fix Committed
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.