Re: Proposed upload of tinyproxy to stable
On Mon, 2012-01-02 at 16:47 +0100, Jordi Mallach wrote:
> In response to #627503, I had prepared a stable-security upload of
> tinyproxy to address this issue.
>
> After discussing with jmm, we're discarding doing a DSA for this issue as
> an exploit can't happen if an attacker doesn't control the configuration
> file.
>
> He thinks the patch would be fine for s-p-u though, so I'm attaching the
> following patch so the upload can be considered.
Thanks for this. Looking at the changelog for 1.8.3-1, I'm guessing
that this is the same issue that's resolved in that upload, but would it
be possible to get some version information added to #627503, please, so
that the BTS reflects what's going on with the various versions of the
package currently in the archive?
Regards,
Adam
Reply to: