[Bug 1154502] Re: Multiple open vulnerabilities in tinyproxy

2013-03-16 Thread Launchpad Bug Tracker
This bug was fixed in the package tinyproxy - 1.8.3-1ubuntu0.1
---
tinyproxy (1.8.3-1ubuntu0.1) precise-security; urgency=low
  * SECURITY UPDATE: Fix for denial of service vulnerability where remote attackers send crafted request headers. (LP: #1154502) -

[Bug 1154502] Re: Multiple open vulnerabilities in tinyproxy

2013-03-15 Thread Sebastien Bacher
** Changed in: tinyproxy (Ubuntu) Status: New => Fix Released
** Changed in: tinyproxy (Ubuntu) Importance: Undecided => High
** Also affects: tinyproxy (Ubuntu Precise) Importance: Undecided Status: New
** Changed in: tinyproxy (Ubuntu Precise) Importance: Undecided => High

[Bug 1154502] Re: Multiple open vulnerabilities in tinyproxy

2013-03-15 Thread Seth Arnold
Thanks Christian, I had to make a slight change to the patch to build without warnings -- both stdlib.h and time.h were already included via a common.h header file. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1154502] Re: Multiple open vulnerabilities in tinyproxy

2013-03-15 Thread Michael Adam
Indeed. I have added updated patches to the upstream bug report: https://banu.com/bugzilla/show_bug.cgi?id=110 Those adhere to the coding guidelines and also add a configure check for the newly used functions (time, rand, srand). These could go upstream. I need to really understand the problem though

[Bug 1154502] Re: Multiple open vulnerabilities in tinyproxy

2013-03-14 Thread Christian Kuersteiner
quantal and raring are not affected by any of these vulnerabilities. Both already include all the needed fixes.
https://bugs.launchpad.net/bugs/1154502

[Bug 1154502] Re: Multiple open vulnerabilities in tinyproxy

2013-03-13 Thread Christian Kuersteiner
Note that CVE-2011-1499 and CVE-2011-1843 don't affect precise (higher version than the vulnerable one). Hence just added patch for CVE-2012-3505. ** Patch added: lp1154502-precise.debdiff