| Release | Version |
|---|---|
| jessie | 1.8.3-3+deb8u1 |
| stretch | 1.8.4-3~deb9u2 |
| buster | 1.10.0-2+deb10u1 |
| bullseye | 1.10.0-5 |
| bullseye (security) | 1.10.0-5+deb11u1 |
| bookworm | 1.11.1-2.1+deb12u1 |
| trixie | 1.11.2-1 |
| sid | 1.11.2-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49606 | vulnerable | vulnerable | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | A use-after-free vulnerability exists in the HTTP Connection Headers p ... |
| CVE-2023-40533 | vulnerable | vulnerable | unknown | unknown | unknown | unknown | unknown | |
| CVE-2022-40468 | vulnerable | fixed | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | Potential leak of left-over heap data if custom error page templates c ... |
| Bug | Description |
|---|---|
| CVE-2017-11747 | main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinypro ... |
| CVE-2012-3505 | Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial ... |
| CVE-2011-1843 | Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remot ... |
| CVE-2011-1499 | acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting s ... |
| CVE-2002-0847 | tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ... |
| DSA / DLA | Description |
|---|---|
| DLA-3892-1 | tinyproxy - security update |
| DSA-5705-1 | tinyproxy - security update |
| DLA-2163-1 | tinyproxy - security update |
| DSA-2564-1 | tinyproxy - denial of service |
| DSA-2222-1 | tinyproxy - incorrect ACL processing |
| DSA-145 | tinyproxy - doubly freed memory |