Your message dated Mon, 09 Mar 2026 04:05:30 +0000
with message-id <[email protected]>
and subject line Bug#1121539: fixed in tinyproxy 1.11.3-1
has caused the Debian Bug report #1121539,
regarding tinyproxy: CVE-2025-63938
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1121539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121539
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tinyproxy
Version: 1.11.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/tinyproxy/tinyproxy/issues/586
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for tinyproxy.
CVE-2025-63938[0]:
| Tinyproxy through 1.11.2 contains an integer overflow vulnerability
| in the strip_return_port() function within src/reqs.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-63938
https://www.cve.org/CVERecord?id=CVE-2025-63938
[1] https://github.com/tinyproxy/tinyproxy/issues/586
[2] https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tinyproxy
Source-Version: 1.11.3-1
Done: Unit 193 <[email protected]>
We believe that the bug you reported is fixed in the latest version of
tinyproxy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Unit 193 <[email protected]> (supplier of updated tinyproxy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 08 Mar 2026 23:47:30 -0400
Source: tinyproxy
Architecture: source
Version: 1.11.3-1
Distribution: unstable
Urgency: medium
Maintainer: Mike Gabriel <[email protected]>
Changed-By: Unit 193 <[email protected]>
Closes: 1121539
Changes:
 tinyproxy (1.11.3-1) unstable; urgency=medium
 .
   * d/watch: Update to version 5.
   * New upstream version 1.11.3.
     - reqs: fix integer overflow in port number processing.
       Closes: #1121539, CVE-2025-63938
   * d/control:
     - Drop 'priority' and R³, set by default.
     - Drop obsolete depends on lsb-base.
   * Update Standards-Version to 4.7.3.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---