-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 24 Sep 2012 21:05:41 +0200 Source: tinyproxy Binary: tinyproxy Architecture: source amd64 Version: 1.8.3-3 Distribution: unstable Urgency: high Maintainer: Ed Boraas <ed@debian.org> Changed-By: Jordi Mallach <jordi@debian.org> Description: tinyproxy - A lightweight, non-caching, optionally anonymizing HTTP proxy Closes: 685281 Changes: tinyproxy (1.8.3-3) unstable; urgency=high . * Add patches for CVE-2012-3505 (closes: #685281): - CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of headers to prevent DoS attacks. - CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps in order to avoid fake headers getting included in the same bucket, allowing for DoS attacks. Bug reported and patches contributed by gpernot. Checksums-Sha1: 3964dea8cffcd19439af9011420be6cd288aa526 1324 tinyproxy_1.8.3-3.dsc d726db4d109a91df55d4384d8ba9c91eb5630195 13381 tinyproxy_1.8.3-3.debian.tar.bz2 605c1010fccea946a845dfd631eaf1a3ce4f8236 89094 tinyproxy_1.8.3-3_amd64.deb Checksums-Sha256: 99cc8435faf07ca64f64d6482747d6c252c964e195de1c687b3b1b71db0b8a8c 1324 tinyproxy_1.8.3-3.dsc 56a2361ec88d497ff00284ad06936d2ce3b757ef1c4e965e96ea9e4869da2ceb 13381 tinyproxy_1.8.3-3.debian.tar.bz2 618ec4296f806116c906be0351ec921a9ff6d6fff3079ba69f257567f6a22132 89094 tinyproxy_1.8.3-3_amd64.deb Files: b9f394ce49a952a04c11883c7225858f 1324 web optional tinyproxy_1.8.3-3.dsc f3d31a993d88ec9de54a1893df15f708 13381 web optional tinyproxy_1.8.3-3.debian.tar.bz2 ca0ca97ce87fafd976bb68e1184f276e 89094 web optional tinyproxy_1.8.3-3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlBoeucACgkQJYSUupF6Il5l/QCdHcMv0aCreMqB4l0NjKRyaXLx F1kAnRhnnfEk5v+MFus65TrqVL3dG3f0 =oqJC -----END PGP SIGNATURE-----