This bug was fixed in the package tinyproxy - 1.8.3-1ubuntu0.1
---
tinyproxy (1.8.3-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: Fix for denial of service vulnerability where remote
attackers send crafted request headers. (LP: #1154502)
- debian/patches/001-C
indeed.
I have added updated patches to the upstream bug report:
https://banu.com/bugzilla/show_bug.cgi?id=110
Those adhere to coding guidelines and also add configure check for
the newly used functions (time, rand, srand).
These could go upstream.
I need to really understand the problem though
(i
Thanks Christian,
I had to make a slight change to the patch to build without warnings --
both and were already included via a "common.h"
header file.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1
** Changed in: tinyproxy (Ubuntu)
Status: New => Fix Released
** Changed in: tinyproxy (Ubuntu)
Importance: Undecided => High
** Also affects: tinyproxy (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: tinyproxy (Ubuntu Precise)
Importance: Undecided => Hi
quantal and raring are not affected by any of these vulnerabilities.
Both already include all the needed fixes.
https://bugs.launchpad.net/bugs/1154502
Title:
Multiple open vulnerabili
Note that CVE-2011-1499 and CVE-2011-1843 don't affect precise (higher
version than the vulnerable one). Hence just added patch for
CVE-2012-3505.
** Patch added: "lp1154502-precise.debdiff"
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1154502/+attachment/3571700/+files/lp1154502-p