Date: Fri, 8 Apr 2011 16:17:01 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges Please use CVE-2011-1499 Thanks. -- JB ----- Original Message ----- > A bug in tinyproxy prior to 1.8.3 would turn it into an open proxy if > it > were defined with an "Allow" statement including an IP address range > (i.e. 192.168.0.0/24). > > Could a CVE be assigned to this? > > References: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621493 > https://banu.com/bugzilla/show_bug.cgi?id=90 > https://banu.com/cgit/tinyproxy/commit/?id=e8426f6662dc467bd1d827100481b95d9a4a23e4 > https://bugzilla.redhat.com/show_bug.cgi?id=694658 > > -- > Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.