Bug 33206

Summary: tinyproxy new security issues CVE-2022-40468, CVE-2023-40533 and CVE-2023-49606
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: Johnny A. Solbu <cooker>
Status: NEW --- QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210
Version: 9   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: tinyproxy-1.10.0-3.mga9.src.rpm CVE: CVE-2022-40468, CVE-2023-40533, CVE-2023-49606
Status comment: Fixed upstream in 1.11.2

Description Nicolas Salguero 2024-05-13 15:51:27 CEST 
CVE-2023-49606, CVE-2023-40533 were announced here:
https://www.openwall.com/lists/oss-security/2024/05/07/1

openSUSE has released an advisory on May 10:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OM62U7F2OTTTTR4PTM6RV3UAOCUHRC75/

Mageia 9 is also affected.

The problems were fixed in version 1.11.2.
Nicolas Salguero 2024-05-13 15:52:23 CEST

CVE: (none) => CVE-2022-40468, CVE-2023-40533, CVE-2023-49606
Source RPM: (none) => tinyproxy-1.11.1-1.mga10.src.rpm
Status comment: (none) => Fixed upstream in 1.11.2
Whiteboard: (none) => MGA9TOO

Comment 1 Lewis Smith 2024-05-16 20:54:01 CEST 
Astraight version update. Assigning globally.

Assignee: bugsquad => pkg-bugs

Comment 2 David GEIGER 2024-05-17 16:00:29 CEST 
Assigning to the registered maintainer!

Assignee: pkg-bugs => cooker
CC: (none) => geiger.david68210

Comment 3 David GEIGER 2024-05-18 07:51:14 CEST 
Cauldron was fixed!

Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

Nicolas Salguero 2024-05-29 16:01:35 CEST

Source RPM: tinyproxy-1.11.1-1.mga10.src.rpm => tinyproxy-1.10.0-3.mga9.src.rpm