Bug 432046 (CVE-2012-3505) - <net-proxy/tinyproxy-1.8.3-r3: Multiple headers hashmap DoS (CVE-2012-3505)
Status: RESOLVED FIXED
Alias: CVE-2012-3505
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://access.redhat.com/security/cv...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks: unit-in-stable
Reported: 2012-08-20 10:47 UTC by taaroa
Modified: 2013-12-23 18:17 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Comment 1 Tim Sammut (RETIRED) gentoo-dev 2012-08-20 22:46:40 UTC
Thanks for the bug, taaroa.

Patches attached to the upstream bug in c0.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 20:40:22 UTC
CVE-2012-3505 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3505):
  tinyproxy before 1.8.3-3 allows remote attackers to cause a denial of
  service (CPU and memory consumption) via (1) a large number of headers or
  (2) a large number of forged headers that are hashed into the same bucket.
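The CVE text above names two ways to exhaust the proxy: simply sending very many headers, or sending forged header names chosen so that a predictable hash puts them all into one bucket, which turns every insert into a walk over the whole chain. The following is an added example, not tinyproxy's code, showing both behaviours on a minimal chained hashmap and the two mitigations usually applied to this bug class: a cap on the number of stored headers and a hash keyed with a per-process secret seed. The names, the 32-bucket table, the byte-sum `weak_hash`, the cap of 256 and the function `probes_for_forged_headers` are all assumptions made for the illustration; nothing here describes tinyproxy's actual hash function or its upstream patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 32   /* assumption: small fixed bucket count, as many header maps use */

struct entry { char *key; struct entry *next; };
struct hmap  { struct entry *bucket[NBUCKETS]; size_t count; size_t probes; };

/* Hypothetical weak hash: byte sum mod NBUCKETS. Any two keys that are
 * permutations of each other collide, so an attacker chooses the bucket. */
static unsigned weak_hash(const char *s) {
    unsigned h = 0;
    while (*s) h += (unsigned char)*s++;
    return h % NBUCKETS;
}

/* Mitigation 1: a keyed hash (FNV-1a mixed with a per-process secret seed).
 * Without knowing the seed the attacker cannot precompute colliding names.
 * The fixed seed here is only so the example is deterministic; real code
 * would read it from /dev/urandom at startup. */
static uint32_t hash_seed = 0x9e3779b9u;
static unsigned keyed_hash(const char *s) {
    uint32_t h = 2166136261u ^ hash_seed;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    h ^= h >> 16;               /* fold high bits in before reducing mod NBUCKETS */
    return h % NBUCKETS;
}

/* Insert a header name; the duplicate-check walk over the chain is the work
 * the attack inflates. Mitigation 2: refuse once `cap` headers are stored
 * (cap < 0 means unlimited, the vulnerable behaviour). */
static int hmap_insert(struct hmap *m, const char *key,
                       unsigned (*hf)(const char *), long cap) {
    if (cap >= 0 && (long)m->count >= cap) return -1;
    unsigned b = hf(key);
    for (struct entry *e = m->bucket[b]; e; e = e->next) {
        m->probes++;
        if (strcmp(e->key, key) == 0) return 0;   /* already present */
    }
    struct entry *e = malloc(sizeof *e);
    size_t len = strlen(key) + 1;
    e->key = malloc(len);
    memcpy(e->key, key, len);
    e->next = m->bucket[b];
    m->bucket[b] = e;
    m->count++;
    return 0;
}

static void hmap_free(struct hmap *m) {
    for (int b = 0; b < NBUCKETS; b++)
        for (struct entry *e = m->bucket[b]; e;) {
            struct entry *n = e->next; free(e->key); free(e); e = n;
        }
}

/* Constructed attacker input: n distinct header names "X-baaa...", "X-abaa...",
 * "X-aaba...", ... which all share one byte sum, so under weak_hash they all
 * land in a single bucket. Returns the total chain probes spent inserting them. */
static size_t probes_for_forged_headers(int n, int keyed, long cap, size_t *inserted) {
    struct hmap m; memset(&m, 0, sizeof m);
    char *name = malloc((size_t)n + 3);
    for (int i = 0; i < n; i++) {
        name[0] = 'X'; name[1] = '-';
        memset(name + 2, 'a', (size_t)n);
        name[2 + i] = 'b';
        name[n + 2] = '\0';
        hmap_insert(&m, name, keyed ? keyed_hash : weak_hash, cap);
    }
    free(name);
    *inserted = m.count;
    size_t probes = m.probes;
    hmap_free(&m);
    return probes;
}

int main(void) {
    size_t ins;
    size_t p = probes_for_forged_headers(512, 0, -1, &ins);
    printf("weak hash, no cap  : %zu headers stored, %zu probes (n*(n-1)/2)\n", ins, p);
    p = probes_for_forged_headers(512, 0, 256, &ins);
    printf("weak hash, cap 256 : %zu headers stored, %zu probes\n", ins, p);
    p = probes_for_forged_headers(512, 1, -1, &ins);
    printf("keyed hash, no cap : %zu headers stored, %zu probes\n", ins, p);
    return 0;
}
```

The cap alone only bounds the damage (work is still quadratic in the cap), and the keyed hash alone still lets a client store an unbounded number of headers; the two address the two cases in the CVE text separately, which is why both are normally applied together.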
Comment 3 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-05-30 16:48:08 UTC
+  30 May 2013; Tom Wijsman <TomWij@gentoo.org> ChangeLog,
+  +tinyproxy-1.8.3-r2.ebuild, +files/tinyproxy-1.8.3-r2.initd,
+  +files/tinyproxy-1.8.3-r2-DoS-Prevention.patch:
+  Use /run instead of /var/run, fixes bug #444167. Apply DoS Prevention
+  patches, temporary fixes for bug #432046. Fix ChangeLog issues; there was an
+  empty log message above header by flameeyes and an empty message by jer.
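Review bot: this single revision bump bundles an unrelated change (the /var/run to /run move for bug #444167) with the security patch for bug #432046, so neither can be stabilized or reverted without the other; a separate commit for the DoS-Prevention patch would keep the security fix minimal and easier to track in the GLSA. The entry also calls the patch a "temporary" fix without saying what the permanent one is (presumably an upstream release carrying the patches from the upstream bug mentioned in comment 1); stating that in the ChangeLog makes the follow-up visible to whoever does the next bump.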
Comment 4 Pacho Ramos gentoo-dev 2013-09-14 14:53:53 UTC
(In reply to Tom Wijsman (TomWij) from comment #3)
> +  30 May 2013; Tom Wijsman <TomWij@gentoo.org> ChangeLog,
> +  +tinyproxy-1.8.3-r2.ebuild, +files/tinyproxy-1.8.3-r2.initd,
> +  +files/tinyproxy-1.8.3-r2-DoS-Prevention.patch:
> +  Use /run instead of /var/run, fixes bug #444167. Apply DoS Prevention
> +  patches, temporary fixes for bug #432046. Fix ChangeLog issues; there was an
> +  empty log message above header by flameeyes and an empty message by jer.

Maybe -r3 could be stabilized instead of -r2 as the only differences are systemd unit files installation
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-16 23:45:13 UTC
@maintainers: if it's okay to stable, please CC arches with your target version.
Comment 6 Pacho Ramos gentoo-dev 2013-09-21 11:24:55 UTC
Ok with 1.8.3-r3 then?
Comment 7 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-09-23 12:13:34 UTC
Please stabilize =net-proxy/tinyproxy-1.8.3-r3.

Target keywords: alpha amd64 ia64 ppc sparc x86
Comment 8 Agostino Sarubbo gentoo-dev 2013-09-23 19:12:29 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-10-06 07:51:50 UTC
x86 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-10-06 10:13:17 UTC
ia64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-10-06 15:20:36 UTC
alpha stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-10-07 19:30:48 UTC
ppc stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-10-09 17:10:32 UTC
sparc stable
Comment 14 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-10 03:13:01 UTC
GLSA request filed. @maintainers: cleanup please.
Comment 15 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-10 03:24:20 UTC
Hm, that was supposed to be glsa?. Oh well. Request still filed.
Comment 16 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-10-10 23:25:23 UTC
+  10 Oct 2013; Tom Wijsman <TomWij@gentoo.org> -tinyproxy-1.8.3-r1.ebuild,
+  -tinyproxy-1.8.3-r2.ebuild, -tinyproxy-1.8.3.ebuild:
+  Cleanup of old ebuilds for security bug #432046
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2013-12-23 18:17:31 UTC
This issue was resolved and addressed in
 GLSA 201312-15 at http://security.gentoo.org/glsa/glsa-201312-15.xml
by GLSA coordinator Sergey Popov (pinkbyte).