ziproxy: CVE-2010-2350

Related Vulnerabilities: CVE-2010-2350  

Debian Bug report logs - #587039


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 24 Jun 2010 17:21:04 UTC

Severity: grave

Tags: security

Fixed in version ziproxy/3.1.1-1

Done: Marcos Talau <talau@users.sourceforge.net>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Marcos Talau <talau@users.sourceforge.net>:
Bug#587039; Package ziproxy. (Thu, 24 Jun 2010 17:21:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Marcos Talau <talau@users.sourceforge.net>. (Thu, 24 Jun 2010 17:21:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ziproxy: CVE-2010-2350
Date: Thu, 24 Jun 2010 19:19:56 +0200
Package: ziproxy
Severity: grave
Tags: security
Justification: user security hole

A new security issue has been introduced in 3.1.0:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2350

Cheers,
       Moritz

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8@euro, LC_CTYPE=de_DE.UTF-8@euro (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash




Reply sent to Marcos Talau <talau@users.sourceforge.net>:
You have taken responsibility. (Sun, 27 Jun 2010 09:57:11 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 27 Jun 2010 09:57:11 GMT)


Message #10 received at 587039-close@bugs.debian.org:

From: Marcos Talau <talau@users.sourceforge.net>
To: 587039-close@bugs.debian.org
Subject: Bug#587039: fixed in ziproxy 3.1.1-1
Date: Sun, 27 Jun 2010 09:56:30 +0000
Source: ziproxy
Source-Version: 3.1.1-1

We believe that the bug you reported is fixed in the latest version of
ziproxy, which is due to be installed in the Debian FTP archive:

ziproxy_3.1.1-1.debian.tar.gz
  to main/z/ziproxy/ziproxy_3.1.1-1.debian.tar.gz
ziproxy_3.1.1-1.dsc
  to main/z/ziproxy/ziproxy_3.1.1-1.dsc
ziproxy_3.1.1-1_i386.deb
  to main/z/ziproxy/ziproxy_3.1.1-1_i386.deb
ziproxy_3.1.1.orig.tar.bz2
  to main/z/ziproxy/ziproxy_3.1.1.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 587039@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marcos Talau <talau@users.sourceforge.net> (supplier of updated ziproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 25 Jun 2010 21:29:00 -0300
Source: ziproxy
Binary: ziproxy
Architecture: source i386
Version: 3.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Marcos Talau <talau@users.sourceforge.net>
Changed-By: Marcos Talau <talau@users.sourceforge.net>
Description: 
 ziproxy    - compressing HTTP proxy server
Closes: 587039
Changes: 
 ziproxy (3.1.1-1) unstable; urgency=low
 .
   * New upstream release (Closes: #587039) [CVE-2010-2350]
     - Thanks to Moritz Muehlenhoff
   * debian/patches/02_ziproxy_genhtml_stats-bashism.diff
     - Removed, merged upstream.
   * debian/control
     - Renamed Vcs* address
   * debian/patches/02_ziproxy_3.1.1_speedup.diff
     - New patch for fix CPU load problem
   * debian/ziproxy.init
     - Removed $local_fs from Required-{Start,Stop}






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 08:47:46 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:24:54 2019; Machine Name: beach
