-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 24 Sep 2012 21:05:41 +0200 Source: tinyproxy Binary: tinyproxy Architecture: source amd64 Version: 1.8.2-1squeeze3 Distribution: stable-security Urgency: high Maintainer: Ed Boraas <ed@debian.org> Changed-By: Jordi Mallach <jordi@debian.org> Description: tinyproxy - A lightweight, non-caching, optionally anonymizing http proxy Closes: 685281 Changes: tinyproxy (1.8.2-1squeeze3) stable-security; urgency=high . * Add patches for CVE-2012-3505 (closes: #685281): - CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of headers to prevent DoS attacks. - CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps in order to avoid fake headers getting included in the same bucket, allowing for DoS attacks. Bug reported and patches contributed by gpernot. Checksums-Sha1: 8bd439d4b90b54e76da6190c911418711a6af258 1295 tinyproxy_1.8.2-1squeeze3.dsc 0d99220e277d71e89c285cc6b28a0d26fd505316 14264 tinyproxy_1.8.2-1squeeze3.debian.tar.bz2 31164865b8290f8dab68c52689776c5351b42a52 87550 tinyproxy_1.8.2-1squeeze3_amd64.deb Checksums-Sha256: a74f9f7cda2fdd4a98708a6f737f935a15948a11a1e521de273b1134f5546d25 1295 tinyproxy_1.8.2-1squeeze3.dsc 8285a7bcfc674e5e00f0013e0cf14deba476368ca46ed9a72b6801848f163731 14264 tinyproxy_1.8.2-1squeeze3.debian.tar.bz2 5f550c8778e1ed11ccf6484fa6a90e64acde2c1b7a0673b3333d52c1d87fb1a9 87550 tinyproxy_1.8.2-1squeeze3_amd64.deb Files: 95136d26f2d3319b1a3cebb329fa1710 1295 web optional tinyproxy_1.8.2-1squeeze3.dsc 9f1cb3dac6372aa328c9f0c675307dec 14264 web optional tinyproxy_1.8.2-1squeeze3.debian.tar.bz2 2f2952c740e4d1c9b5dfafe414e7d2f1 87550 web optional tinyproxy_1.8.2-1squeeze3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlBqFaUACgkQJYSUupF6Il7LzQCfSdkuQGIwtOAVqxBPSLkiFjUW zsgAoPRUDR/HGOSbYFlfw4COJzRe7vzj =lf60 -----END PGP SIGNATURE-----
