Hi Moritz,

I can see
https://banu.com/cgit/tinyproxy/diff/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4
fixing a security issue, which we fixed in DSA 2222, but I can't see how the 
other issue,

> https://banu.com/cgit/tinyproxy/diff/?id=97b9984484299b2ce72f8f4fc3706dab8a3a8439

regarding a bug in the handling of port numbers, should be marked as "security".

What's your opinion?

https://banu.com/bugzilla/show_bug.cgi?id=90 does mention this commit, but
it's treated as a "sub issue" uncovered by the reporter.

In short, my view is that if you set an invalid port in the config, TP
does not do the right thing, but that does not warrant a DSA or a CVE. I
think there's some confusion with CVE-2011-1843.

Jordi
-- 
Jordi Mallach Pérez  --  Debian developer     http://www.debian.org/
jo...@sindominio.net     jo...@debian.org     http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/


