On Mon, 2012-01-02 at 16:47 +0100, Jordi Mallach wrote: > In response to #627503, I had prepared a stable-security upload of > tinyproxy to address this issue. > > After discussing with jmm, we're discarding doing a DSA for this issue as > an exploit can't happen if an attacker doesn't control the configuration > file. > > He thinks the patch would be fine for s-p-u though, so I'm attaching the > following patch so the upload can be considered.
Thanks for this. Looking at the changelog for 1.8.3-1, I'm guessing that this is the same issue that's resolved in that upload, but would it be possible to get some version information added to #627503, please, so that the BTS reflects what's going on with the various versions of the package currently in the archive? Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
