eedd93f010
Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request() function and is using uninitialized buffers. This vulnerability allows attackers to access sensitive information at system runtime. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
18 lines
612 B
Makefile
18 lines
612 B
Makefile
################################################################################
|
|
#
|
|
# tinyproxy
|
|
#
|
|
################################################################################
|
|
|
|
TINYPROXY_VERSION = 1.11.1
|
|
TINYPROXY_SITE = https://github.com/tinyproxy/tinyproxy/releases/download/$(TINYPROXY_VERSION)
|
|
TINYPROXY_SOURCE = tinyproxy-$(TINYPROXY_VERSION).tar.xz
|
|
TINYPROXY_LICENSE = GPL-2.0+
|
|
TINYPROXY_LICENSE_FILES = COPYING
|
|
TINYPROXY_CPE_ID_VENDOR = tinyproxy_project
|
|
|
|
# 0001-prevent-junk-from-showing-up-in-error-page-in-invalid-requests.patch
|
|
TINYPROXY_IGNORE_CVES += CVE-2022-40468
|
|
|
|
$(eval $(autotools-package))
|