Re: privoxy stretch package 3.0.26-3+deb9u3 prepared

2021-12-10 Thread Roland Rosenfeld
Hi all,
On Fri, 10 Dec 2021, Chris Lamb wrote:
> >> Since the two CVEs are tagged "minor issue" on security-tracker, I'm
> >> not sure whether it's worth doing a LTS upload for this.
> >
> > Thank you for getting in touch. I'll defer the decision to roll out the
> > DLA to Chris, who's at front d

privoxy stretch package 3.0.26-3+deb9u3 prepared

2021-12-10 Thread Roland Rosenfeld
spec_param(): Free memory of compiled +pattern spec before bailing (CVE-2021-44540). + * 56_CVE-2021-44543: cgi_error_no_template(): Encode the template name +to prevent XSS (CVE-2021-44543). + + -- Roland Rosenfeld Tue, 07 Dec 2021 19:59:33 +0100 + privoxy (3.0.26-3+deb9u2) stretch

Re: privoxy stretch package 3.0.26-3+deb9u2 prepared

2021-03-09 Thread Roland Rosenfeld
Hi Abhijith!
On Tue, 09 Mar 2021, Abhijith PA wrote:
> Roland, thanks again for the patch. I can see that last LTS update
> (3.0.26-3+deb9u1) done by you. Hope you can upload this time as
> well. If not, let me know. I am happy to help. Once uploaded to
> archive I will take care of DLA and announ

privoxy stretch package 3.0.26-3+deb9u2 prepared

2021-03-08 Thread Roland Rosenfeld
a crafted CGI request if Privoxy is toggled off +(CVE-2021-20273). + * 51_CVE-2021-20275: chunked_body_is_complete(): Prevent invalid read of +size two (CVE-2021-20275). + * 52_CVE-2021-20276: Obsolete pcre: Prevent invalid memory accesses +(CVE-2021-20276). + + -- Roland Rosenfeld Mon, 0

Re: privoxy stretch package prepared

2021-02-06 Thread Roland Rosenfeld
Hi Utkarsh!
On Sun, 07 Feb 2021, Utkarsh Gupta wrote:
> Could you change "stretch" to "stretch-security" in the changelog,
> re-build, and upload it to security-master?
> In case you can't or lack the time, I shall be happy to do it myself
> as well, let me know! :)
I changed "stretch" to "stretc

Re: privoxy stretch package prepared

2021-02-06 Thread Roland Rosenfeld
mory leaks in the show-status CGI handler +when memory allocations fail (CVE-2021-20215). + + -- Roland Rosenfeld Sat, 06 Feb 2021 20:38:20 +0100 + privoxy (3.0.26-3) unstable; urgency=medium * Add da debconf translation. Thanks to Joe Dalton (Closes: #850876). diff -Nru privoxy-3.0.26/debi

privoxy stretch package prepared

2021-02-06 Thread Roland Rosenfeld
cre error (CVE-2021-20212). + * 46_CVE-2021-20213: Prevent an unlikely dereference of a NULL-pointer +that could result in a crash if accept-intercepted-requests was +enabled, Privoxy failed to get the request destination from the Host +header and a memory allocation failed (CVE-2021-202

Re: Jessie update of transfig (minor security issues)?

2019-12-20 Thread Roland Rosenfeld
Hi Mike!
On Fri, 20 Dec 2019, Mike Gabriel wrote:
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Jessie:
> https://security-tracker.debian.org/tracker/CVE-2019-19797
>
> We decided that a member of the LTS team should take a look at this
> package, altho