Hi Thijs On Sun, Sep 30, 2012 at 09:33:46AM +0200, Thijs Kinkhorst wrote: > Hi Salvatore, > > On Sat, September 29, 2012 19:15, Salvatore Bonaccorso wrote: > > On Sun, Aug 19, 2012 at 01:23:38PM +0200, Jordi Mallach wrote: > >> On Sun, Aug 19, 2012 at 11:42:57AM +0200, Thijs Kinkhorst wrote: > >> > A Denial of Service attack has been reported against tinyproxy: > >> > https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 > >> > https://banu.com/bugzilla/show_bug.cgi?id=110#c2 > >> > > >> > Can you please see to it that this gets addressed in unstable > >> > (and by extension wheezy)? > >> > > >> > Please use CVE-2012-3505 to refer to this issue. > >> > >> Will try to get something done ASAP. > >> > >> Should I do something about stable too? The codebase should be really > >> similar. > > > > I looked at the current prepared version for unstable in the tinyproxy > > subversion repository, attached is the debdiff to the current version > > in unstable. > > > > Are you fine if I upload this as it is to unstable? > > > > @SecurityTeam: I'm not Maintainer of the package but tinyproxy > > appeared on the radar for RC bugs for wheezy, so noticed this one. > > Thanks for your work. It looks good. The changelog does have some quirks: > your version number is not NMU-style but maintianer-style, you're not > Jordi Mallach and you added a dot in an unrelated stanza. If you fix these > small items up, please upload this.
I actually haven't done the 'real' work. All the real work was already prepared by Jordi Mallach who pushed his work to the svn repository. I know he would not be able to upload the package itself in next month, so I had a look what he did, and builded his version. He asked if someone can upload this for him. I'm sorry if I was not clear about this. Regards, Salvatore
signature.asc
Description: Digital signature
