Hi Roland, On Sat, Feb 6, 2021 at 4:43 PM Roland Rosenfeld <rol...@debian.org> wrote: > As the maintainer of privoxy package, I just checked all new CVEs on > https://security-tracker.debian.org/tracker/source-package/privoxy and > prepared a stretch package with the patches fixing all CVEs. > > Only the patch for CVE-2021-20214 was not included, since this CVE > doesn't affect 3.0.26 (the fixed tags "refresh-delay" and > "tags-expire" where introduced with 3.0.27), this should be changed in > the security-tracker. > > Since all other CVEs are tagged "minor issue" on security-tracker, I'm > not sure whether it's worth doing a LTS upload for this. > > If you think so, feel free to use it or tell me, what I have to do to > upload it... > > A patch agains 3.0.26-3 is attached.
Thanks for your pro-active work on this! \o/ I'll go through the patch and other things and will get back to you if I have any questions or will upload as is :) - u
