Change logs for privoxy source package in Xenial

  • privoxy (3.0.24-1ubuntu0.1) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Buffer overflow
        - debian/patches/38_CVE-2021-20217.patch: Prevent an assertion by a
          crafted CGI request.
        - CVE-2021-20217
      * SECURITY UPDATE: Memory leak
        - debian/patches/40_CVE-2021-20216.patch: Fix a memory leak.
        - debian/patches/41_CVE-2020-35502.patch: Fixed memory leaks when a
          response is buffered and the buffer limit is reached or Privoxy is
          running out of memory.
        - debian/patches/42_CVE-2021-20209.patch: Fixed a memory leak in the
          show-status CGI handler when no action files are configured.
        - debian/patches/43_CVE-2021-20210.patch: Fixed a memory leak in the show-status
          CGI handler when no filter files are configured.
        - debian/patches/45_CVE-2021-20212.patch: Fixed a memory leak if multiple
          filters are executed and the last one is skipped due to a pcre error.
        - debian/patches/48_CVE-2021-20215.patch: Fixed memory leaks in the show-status
          CGI handler when memory allocations fail.
        - CVE-2021-20216
        - CVE-2020-35502
        - CVE-2021-20209
        - CVE-2021-20210
        - CVE-2021-20212
        - CVE-2021-20215
      * SECURITY UPDATE: Denial of Service
        - debian/patches/46_CVE-2021-20213.patch: Prevent an unlikely dereference of a
          NULL-pointer that could result in a crash if accept-intercepted-requests
          was enabled.
        - debian/patches/49_CVE-2021-20272.patch: Remove an assertion that could be
          triggered with a crafted CGI request.
        - debian/patches/50_CVE-2021-20273.patch: Overrule invalid image types.
          Prevents a crash with a crafted CGI request if Privoxy is toggled off.
        - debian/patches/51_CVE-2021-20275.patch: Prevent invalid read of size two.
        - debian/patches/52_CVE-2021-20276.patch: Obsolete pcre: Prevent invalid memory
          accesses.
        - CVE-2021-20213
        - CVE-2021-20272
        - CVE-2021-20273
        - CVE-2021-20275
        - CVE-2021-20276
      * Fix detection of insufficient data: debian/patches/39_decompress_iob.patch
    
     -- Eduardo Barretto <email address hidden>  Wed, 17 Mar 2021 17:28:00 +0100
  • privoxy (3.0.24-1) unstable; urgency=medium
    
      * New upstream version 3.0.24.
      * This fixes CVE-2016-1982 and CVE-2016-1983.
      * Adapt all patches to new upstream version.
    
     -- Roland Rosenfeld <email address hidden>  Fri, 22 Jan 2016 16:08:05 +0100
  • privoxy (3.0.23-5) unstable; urgency=medium
    
      * Remove /lib/init/vars.sh from init script since it is no longer used.
        As a consequence remove initscripts dependency (Closes: #804961).
      * --enable-external-filters (Closes: #805296).
    
     -- Roland Rosenfeld <email address hidden>  Mon, 16 Nov 2015 21:05:41 +0100
  • privoxy (3.0.23-4) unstable; urgency=medium
    
      * Add rotate option to init.d script.
      * Change logrotate to use rotate option (Closes: #783399).
      * privoxy.service: define SuccessExitStatus=15.
      * Set locales to C.UTF-8 for doc generation to make build reproducible.
      * Run wrap-and-sort.
      * 34_system-docbook2man: Use Debian docbook2man-spec.pl (from
        docbook-utils) instead of local copy, to make package reproducible.
      * Stop running "make man2html", since this overrides "make man", which
        should work reproducibly.
    
     -- Roland Rosenfeld <email address hidden>  Sat, 19 Sep 2015 15:05:41 +0200
  • privoxy (3.0.23-3) unstable; urgency=medium
    
    
      * Since there are no new bugs found, this goes to unstable now.
      * Depend on perl-base instead of full perl.
    
     -- Roland Rosenfeld <email address hidden>  Sun, 26 Apr 2015 11:01:08 +0200