Fedora
tinyproxy package

  1. Bug #1036985
  2. Comment #6

Comment 6 for bug 1036985

Revision history for this message
Jeremy BĂ­cha (jbicha) wrote :

This bug was fixed in the package tinyproxy - 1.8.3-3

---------------
tinyproxy (1.8.3-3) unstable; urgency=high

  * Add patches for CVE-2012-3505 (closes: #685281):
    - CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of
      headers to prevent DoS attacks.
    - CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps
      in order to avoid fake headers getting included in the same bucket,
      allowing for DoS attacks.
    Bug reported and patches contributed by gpernot.

 -- Jordi Mallach <email address hidden> Mon, 24 Sep 2012 21:05:41 +0200