Bug 33206 - tinyproxy new security issues CVE-2022-40468, CVE-2023-40533 and CVE-2023-49606
Summary: tinyproxy new security issues CVE-2022-40468, CVE-2023-40533 and CVE-2023-49606
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Johnny A. Solbu
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-13 15:51 CEST by Nicolas Salguero
Modified: 2024-05-29 16:01 CEST (History)
1 user (show)

See Also:
Source RPM: tinyproxy-1.10.0-3.mga9.src.rpm
CVE: CVE-2022-40468, CVE-2023-40533, CVE-2023-49606
Status comment: Fixed upstream in 1.11.2

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-05-13 15:51:27 CEST 
CVE-2023-49606, CVE-2023-40533 were announced here:
https://www.openwall.com/lists/oss-security/2024/05/07/1

openSUSE has released an advisory on May 10:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OM62U7F2OTTTTR4PTM6RV3UAOCUHRC75/

Mageia 9 is also affected.

The problems were fixed in version 1.11.2.
Nicolas Salguero 2024-05-13 15:52:23 CEST

CVE: (none) => CVE-2022-40468, CVE-2023-40533, CVE-2023-49606
Source RPM: (none) => tinyproxy-1.11.1-1.mga10.src.rpm
Status comment: (none) => Fixed upstream in 1.11.2
Whiteboard: (none) => MGA9TOO

Comment 1 Lewis Smith 2024-05-16 20:54:01 CEST 
Astraight version update. Assigning globally.

Assignee: bugsquad => pkg-bugs

Comment 2 David GEIGER 2024-05-17 16:00:29 CEST 
Assigning to the registered maintainer!

Assignee: pkg-bugs => cooker
CC: (none) => geiger.david68210

Comment 3 David GEIGER 2024-05-18 07:51:14 CEST 
Cauldron was fixed!

Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

Nicolas Salguero 2024-05-29 16:01:35 CEST

Source RPM: tinyproxy-1.11.1-1.mga10.src.rpm => tinyproxy-1.10.0-3.mga9.src.rpm
Note You need to log in before you can comment on or make changes to this bug.