Launchpad has imported 7 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=849368.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help
This was fixed in precise in:
tinyproxy (1.8.3-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: Fix for denial of service vulnerability where remote
attackers send crafted request headers. (LP: #1154502)
- debian/patches/001-CVE-2012-3505.patch: Limit the number of headers t
Fix pushed to upstream and will be released very soon in tinyproxy
1.8.4.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1036985
Title:
denial of service of too many headers in response
To manage no
** Changed in: tinyproxy (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1036985
Title:
denial of service of too many headers in response
To manage not
Launchpad has imported 3 comments from the remote bug at
https://banu.com/bugzilla/show_bug.cgi?id=110.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.laun
This bug was fixed in the package tinyproxy - 1.8.3-3
---
tinyproxy (1.8.3-3) unstable; urgency=high
* Add patches for CVE-2012-3505 (closes: #685281):
- CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of
headers to prevent DoS attacks.
- CVE-2012-3505-ti
I have filed a sync request from Debian in Bug 1059887.
** Bug watch added: Banu Bugzilla #110
https://banu.com/bugzilla/show_bug.cgi?id=110
** Also affects: tinyproxy via
https://banu.com/bugzilla/show_bug.cgi?id=110
Importance: Unknown
Status: Unknown
--
You received this bug
** Also affects: tinyproxy (Ubuntu Precise)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1036985
Title:
denial of service of too many headers in response
** Bug watch added: Debian Bug tracker #685281
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281
** Also affects: tinyproxy (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281
Importance: Unknown
Status: Unknown
--
You received this bug notification because
** Changed in: tinyproxy (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1036985
Title:
denial of service of too many headers in response
To manage not
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3505
** Bug watch added: Red Hat Bugzilla #849368
https://bugzilla.redhat.com/show_bug.cgi?id=849368
** Also affects: tinyproxy (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=849368
Importance: Unknown
The attachment "limit number of headers to prevent DoS attacks" of this
bug report has been identified as being a patch. The ubuntu-reviewers
team has been subscribed to the bug report so that they can review the
patch. In the event that this is in fact not a patch you can resolve
this situation
I have requested a CVE for this on oss-security:
http://www.openwall.com/lists/oss-security/2012/08/17/3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1036985
Title:
denial of service of too many he
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is availabl
14 matches
Mail list logo
