CVE-2022-40468: Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request() function and is using uninitialized buffers. This vulnerability allows attackers to access sensitive information at system runtime. Unreleased fix is: https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
commit 0aaa953b3e08b8d320e85c417faf9110bd4a120f
Author: Ben Kohler <bkohler@gentoo.org>
Date: Tue Sep 20 07:01:51 2022 -0500
    net-proxy/tinyproxy: add 1.11.1_p20220908
    https://bugs.gentoo.org/871924
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>
Thanks, sorry I missed this! Please stabilize when ready.
Please clean up.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66f12d93c2c7a5907c75f2ffc9313a5201e013a3
commit 66f12d93c2c7a5907c75f2ffc9313a5201e013a3
Author: Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-09-27 16:29:25 +0000
Commit: Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-09-27 16:29:45 +0000
    net-misc/connman: drop 1.42_pre20220801, 1.42_pre20220828
    Bug: https://bugs.gentoo.org/871924
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>
 net-misc/connman/Manifest | 1 -
 net-misc/connman/connman-1.42_pre20220801.ebuild | 106 -----------------------
 net-misc/connman/connman-1.42_pre20220828.ebuild | 106 -----------------------
 3 files changed, 213 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8f812cd6694204fb437994cd3a90160db34fc25
commit d8f812cd6694204fb437994cd3a90160db34fc25
Author: Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-09-27 16:42:21 +0000
Commit: Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-09-27 16:42:28 +0000
    net-proxy/tinyproxy: drop 1.11.1
    Bug: https://bugs.gentoo.org/871924
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>
 net-proxy/tinyproxy/Manifest | 1 -
 net-proxy/tinyproxy/tinyproxy-1.11.1.ebuild | 76 -----------------------------
 2 files changed, 77 deletions(-)
Thanks!
GLSA request filed.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=5fa49c75f6bb7e3ca649afb5387491e4e7315dbd
commit 5fa49c75f6bb7e3ca649afb5387491e4e7315dbd
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-21 19:44:29 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-21 19:51:36 +0000
    [ GLSA 202305-27 ] Tinyproxy: Memory Disclosure
    Bug: https://bugs.gentoo.org/871924
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 glsa-202305-27.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
GLSA released, all done!