Hi Roland, On Thu, Dec 09, 2021 at 03:55:44PM +0100, Roland Rosenfeld wrote: > Hi! > > Here is a little update for CVE-2021-4454[0123]: > > All 4 CVEs are fixed in 3.0.33-1 (sid).
Thanks, already updated earlier. > CVE-2021-44541 and CVE-2021-44542 both do not affect buster and > stretch since the vulnerable code was introduced in 3.0.29 or later > (while buster ships 3.0.28 and stretch ships 3.0.26). Thanks, updated now the tracker. > > I prepared an update for bullseye (3.0.32-2+deb11u1): > https://salsa.debian.org/debian/privoxy/-/tree/debian/bullseye > and will create an request for 11.2 release soon. Seen that, thank you as well. > I also prepared an update for buster (3.0.28-2+deb10u2) including only > CVE-2021-44540 and CVE-2021-44543: > https://salsa.debian.org/debian/privoxy/-/tree/debian/buster > and will create an request for the next point release later. Ack! > Last but not least I prepared an update for strech (3.0.26-3+deb9u3) > including only CVE-2021-44540 and CVE-2021-44543: > https://salsa.debian.org/debian/privoxy/-/tree/debian/stretch > and will offer this to the LTS team. > > It would great, if you could update the security tracker accordingly. Regards, Salvatore
