It is not true that no security update is available. The following can be found in their bug tracker on git:

the bad news: a security researcher from TALOS intelligence found a use-after-free vulnerability in tinyproxy in december 2023, claiming to have contacted upstream and waited 6 months for publication. whatever he did to contact upstream, it wasn't effective and not what was described on either the tinyproxy homepage or in README.md. he certainly didn't try hard to find a responsive contact, and probably pulled a random email address out of git log and sent a mail there. the vulnerability was made public on may 01 2024, and it took a full 5 days until i was notified on IRC by a distro package maintainer.

here's the official write-up: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889

don't spend too much time reading it, as it goes into a lot of quite useless details, while not focusing on the actual bug. the gist is the following: in src/reqs.c, remove_connection_headers(), ...