Ubuntu
privoxy package

privoxy 3.0.26-5ubuntu0.1 source package in Ubuntu

Changelog

privoxy (3.0.26-5ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/38_CVE-2021-20217.patch: Prevent an assertion by a
      crafted CGI request.
    - CVE-2021-20217
  * SECURITY UPDATE: Memory leak
    - debian/patches/40_CVE-2021-20216.patch: Fix a memory leak.
    - debian/patches/41_CVE-2020-35502.patch: Fixed memory leaks when a
      response is buffered and the buffer limit is reached or Privoxy is
      running out of memory.
    - debian/patches/42_CVE-2021-20209.patch: Fixed a memory leak in the
      show-status CGI handler when no action files are configured.
    - debian/patches/43_CVE-2021-20210.patch: Fixed a memory leak in the show-status
      CGI handler when no filter files are configured.
    - debian/patches/44_CVE-2021-20211.patch: Fixes a memory leak when client tags
      are active.
    - debian/patches/45_CVE-2021-20212.patch: Fixed a memory leak if multiple
      filters are executed and the last one is skipped due to a pcre error.
    - debian/patches/48_CVE-2021-20215.patch: Fixed memory leaks in the show-status
      CGI handler when memory allocations fail.
    - CVE-2021-20216
    - CVE-2020-35502
    - CVE-2021-20209
    - CVE-2021-20210
    - CVE-2021-20211
    - CVE-2021-20212
    - CVE-2021-20215
  * SECURITY UPDATE: Denial of Service
    - debian/patches/46_CVE-2021-20213.patch: Prevent an unlikely dereference of a
      NULL-pointer that could result in a crash if accept-intercepted-requests
      was enabled.
    - debian/patches/49_CVE-2021-20272.patch: Remove an assertion that could be
      triggered with a crafted CGI request.
    - debian/patches/50_CVE-2021-20273.patch: Overrule invalid image types.
      Prevents a crash with a crafted CGI request if Privoxy is toggled off.
    - debian/patches/51_CVE-2021-20275.patch: Prevent invalid read of size two.
    - debian/patches/52_CVE-2021-20276.patch: Obsolete pcre: Prevent invalid memory
      accesses.
    - CVE-2021-20213
    - CVE-2021-20272
    - CVE-2021-20273
    - CVE-2021-20275
    - CVE-2021-20276
  * Fix detection of insufficient data: debian/patches/39_decompress_iob.patch

 -- Eduardo Barretto <email address hidden>  Tue, 16 Mar 2021 15:51:43 +0100

Upload details

Uploaded by:
Eduardo Barretto
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
privoxy_3.0.26.orig.tar.gz 1.7 MiB 57e415b43ee5dfdca74685cc034053eaae962952fdabd086171551a86abf9cd8
privoxy_3.0.26-5ubuntu0.1.debian.tar.xz 30.4 KiB eaa6ea53bff72bbfa6834e48b805d7c258ac0036cbc6fefcc71e7e50f331c584
privoxy_3.0.26-5ubuntu0.1.dsc 1.9 KiB 2765e3d9d92627214c49bb9887fe72e71d4315d044f77efe671f32414f7ed312

View changes file

Binary packages built by this source

privoxy: Privacy enhancing HTTP Proxy

 Privoxy is a web proxy with advanced filtering capabilities for
 protecting privacy, filtering web page content, managing cookies,
 controlling access, and removing ads, banners, pop-ups and other
 obnoxious Internet junk. Privoxy has a very flexible configuration
 and can be customized to suit individual needs and tastes. Privoxy
 has application for both stand-alone systems and multi-user networks.
 .
 Privoxy is based on Internet Junkbuster (tm).

privoxy-dbgsym: debug symbols for privoxy