privoxy 3.0.28-3ubuntu0.1 source package in Ubuntu
Changelog
privoxy (3.0.28-3ubuntu0.1) groovy-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/38_CVE-2021-20217.patch: Prevent an assertion by a
crafted CGI request.
- CVE-2021-20217
* SECURITY UPDATE: Memory leak
- debian/patches/40_CVE-2021-20216.patch: Fix a memory leak.
- debian/patches/41_CVE-2020-35502.patch: Fixed memory leaks when a
response is buffered and the buffer limit is reached or Privoxy is
running out of memory.
- debian/patches/42_CVE-2021-20209.patch: Fixed a memory leak in the
show-status CGI handler when no action files are configured.
- debian/patches/43_CVE-2021-20210.patch: Fixed a memory leak in the show-status
CGI handler when no filter files are configured.
- debian/patches/44_CVE-2021-20211.patch: Fixes a memory leak when client tags
are active.
- debian/patches/45_CVE-2021-20212.patch: Fixed a memory leak if multiple
filters are executed and the last one is skipped due to a pcre error.
- debian/patches/48_CVE-2021-20215.patch: Fixed memory leaks in the show-status
CGI handler when memory allocations fail.
- debian/patches/53_CVE-2021-20214.patch: Plug memory leaks.
- CVE-2021-20216
- CVE-2020-35502
- CVE-2021-20209
- CVE-2021-20210
- CVE-2021-20211
- CVE-2021-20212
- CVE-2021-20215
- CVE-2021-20214
* SECURITY UPDATE: Denial of Service
- debian/patches/46_CVE-2021-20213.patch: Prevent an unlikely dereference of a
NULL-pointer that could result in a crash if accept-intercepted-requests
was enabled.
- debian/patches/49_CVE-2021-20272.patch: Remove an assertion that could be
triggered with a crafted CGI request.
- debian/patches/50_CVE-2021-20273.patch: Overrule invalid image types.
Prevents a crash with a crafted CGI request if Privoxy is toggled off.
- debian/patches/51_CVE-2021-20275.patch: Prevent invalid read of size two.
- debian/patches/52_CVE-2021-20276.patch: Obsolete pcre: Prevent invalid memory
accesses.
- CVE-2021-20213
- CVE-2021-20272
- CVE-2021-20273
- CVE-2021-20275
- CVE-2021-20276
* Fix detection of insufficient data: debian/patches/39_decompress_iob.patch
-- Eduardo Barretto <email address hidden> Thu, 18 Mar 2021 17:26:38 +0100
Upload details
- Uploaded by:
- Eduardo Barretto
- Uploaded to:
- Groovy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| privoxy_3.0.28.orig.tar.gz | 1.7 MiB | b5d78cc036aaadb3b7cf860e9d598d7332af468926a26e2d56167f1cb6f2824a |
| privoxy_3.0.28.orig.tar.gz.asc | 833 bytes | bf4981d7c5da05019c5586d2e8785ad01e27813de3eb7f44c716df2dceb911c8 |
| privoxy_3.0.28-3ubuntu0.1.debian.tar.xz | 32.4 KiB | 6d95649aa25094cdf2dac3b2d85d75cd420b3c38ed88b266b5a131b74407e422 |
| privoxy_3.0.28-3ubuntu0.1.dsc | 2.3 KiB | f8649e6878b989d63ddd60dc8341b144cd62b2a4c1bd23e8a77f182daec427cc |
Available diffs
Binary packages built by this source
- privoxy: No summary available for privoxy in ubuntu groovy.
No description available for privoxy in ubuntu groovy.
- privoxy-dbgsym: No summary available for privoxy-dbgsym in ubuntu groovy.
No description available for privoxy-dbgsym in ubuntu groovy.
