Accepted tinyproxy 1.8.2-1squeeze3 (source amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 24 Sep 2012 21:05:41 +0200
Source: tinyproxy
Binary: tinyproxy
Architecture: source amd64
Version: 1.8.2-1squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Ed Boraas <ed@debian.org>
Changed-By: Jordi Mallach <jordi@debian.org>
Description:
tinyproxy - A lightweight, non-caching, optionally anonymizing http proxy
Closes: 685281
Changes:
tinyproxy (1.8.2-1squeeze3) stable-security; urgency=high
.
* Add patches for CVE-2012-3505 (closes: #685281):
- CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of
headers to prevent DoS attacks.
- CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps
in order to avoid fake headers getting included in the same bucket,
allowing for DoS attacks.
Bug reported and patches contributed by gpernot.
Checksums-Sha1:
8bd439d4b90b54e76da6190c911418711a6af258 1295 tinyproxy_1.8.2-1squeeze3.dsc
0d99220e277d71e89c285cc6b28a0d26fd505316 14264 tinyproxy_1.8.2-1squeeze3.debian.tar.bz2
31164865b8290f8dab68c52689776c5351b42a52 87550 tinyproxy_1.8.2-1squeeze3_amd64.deb
Checksums-Sha256:
a74f9f7cda2fdd4a98708a6f737f935a15948a11a1e521de273b1134f5546d25 1295 tinyproxy_1.8.2-1squeeze3.dsc
8285a7bcfc674e5e00f0013e0cf14deba476368ca46ed9a72b6801848f163731 14264 tinyproxy_1.8.2-1squeeze3.debian.tar.bz2
5f550c8778e1ed11ccf6484fa6a90e64acde2c1b7a0673b3333d52c1d87fb1a9 87550 tinyproxy_1.8.2-1squeeze3_amd64.deb
Files:
95136d26f2d3319b1a3cebb329fa1710 1295 web optional tinyproxy_1.8.2-1squeeze3.dsc
9f1cb3dac6372aa328c9f0c675307dec 14264 web optional tinyproxy_1.8.2-1squeeze3.debian.tar.bz2
2f2952c740e4d1c9b5dfafe414e7d2f1 87550 web optional tinyproxy_1.8.2-1squeeze3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlBqFaUACgkQJYSUupF6Il7LzQCfSdkuQGIwtOAVqxBPSLkiFjUW
zsgAoPRUDR/HGOSbYFlfw4COJzRe7vzj
=lf60
-----END PGP SIGNATURE-----