Accepted tinyproxy 1.8.3-3 (source amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 24 Sep 2012 21:05:41 +0200
Source: tinyproxy
Binary: tinyproxy
Architecture: source amd64
Version: 1.8.3-3
Distribution: unstable
Urgency: high
Maintainer: Ed Boraas <ed@debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description:
tinyproxy - A lightweight, non-caching, optionally anonymizing HTTP proxy
Closes: 685281
Changes:
tinyproxy (1.8.3-3) unstable; urgency=high
.
* Add patches for CVE-2012-3505 (closes: #685281):
- CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of
headers to prevent DoS attacks.
- CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps
in order to avoid fake headers getting included in the same bucket,
allowing for DoS attacks.
Bug reported and patches contributed by gpernot.
Checksums-Sha1:
3964dea8cffcd19439af9011420be6cd288aa526 1324 tinyproxy_1.8.3-3.dsc
d726db4d109a91df55d4384d8ba9c91eb5630195 13381 tinyproxy_1.8.3-3.debian.tar.bz2
605c1010fccea946a845dfd631eaf1a3ce4f8236 89094 tinyproxy_1.8.3-3_amd64.deb
Checksums-Sha256:
99cc8435faf07ca64f64d6482747d6c252c964e195de1c687b3b1b71db0b8a8c 1324 tinyproxy_1.8.3-3.dsc
56a2361ec88d497ff00284ad06936d2ce3b757ef1c4e965e96ea9e4869da2ceb 13381 tinyproxy_1.8.3-3.debian.tar.bz2
618ec4296f806116c906be0351ec921a9ff6d6fff3079ba69f257567f6a22132 89094 tinyproxy_1.8.3-3_amd64.deb
Files:
b9f394ce49a952a04c11883c7225858f 1324 web optional tinyproxy_1.8.3-3.dsc
f3d31a993d88ec9de54a1893df15f708 13381 web optional tinyproxy_1.8.3-3.debian.tar.bz2
ca0ca97ce87fafd976bb68e1184f276e 89094 web optional tinyproxy_1.8.3-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlBoeucACgkQJYSUupF6Il5l/QCdHcMv0aCreMqB4l0NjKRyaXLx
F1kAnRhnnfEk5v+MFus65TrqVL3dG3f0
=oqJC
-----END PGP SIGNATURE-----