[Bug 1193584] New: VUL-0: CVE-2021-44540: Multiple issues fixed in Privoxy 3.0.33 stable
http://bugzilla.opensuse.org/show_bug.cgi?id=1193584

Bug ID: 1193584
Summary: VUL-0: CVE-2021-44540: Multiple issues fixed in Privoxy 3.0.33 stable
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.3
Hardware: Other
URL: https://smash.suse.de/issue/316954/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Basesystem
Assignee: mseben@gmail.com
Reporter: abergmann@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2021-44540

via oss-sec mailing list
https://seclists.org/oss-sec/2021/q4/148

Multiple issues fixed in Privoxy 3.0.33 stable

- CVE-2021-44540: get_url_spec_param(): Free memory of compiled pattern spec before bailing.
- CVE-2021-44541: process_encrypted_request_headers(): Free header memory when failing to get the request destination.
- CVE-2021-44542: send_http_request(): Prevent memory leaks when handling errors
- CVE-2021-44543: cgi_error_no_template(): Encode the template name to prevent XSS (cross-site scripting)

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c1

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What    |Removed |Added
----------------------------------------------------------------------------
Status  |NEW     |CONFIRMED
CC      |        |Andreas.Stieger@gmx.de

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
https://build.opensuse.org/request/show/939452
https://build.opensuse.org/request/show/939459

http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c4

Carsten Ziepke <kieltux@gmail.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |kieltux@gmail.com

--- Comment #4 from Carsten Ziepke <kieltux@gmail.com> ---
Just updated to openSUSE Leap 15.4 and here is privoxy still on 3.0.32.
openSUSE Leap 15.4 is missing the backport package, like in openSUSE Leap 15.3: openSUSE Backports SLE-15-SP3.

http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c5

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What     |Removed          |Added
----------------------------------------------------------------------------
Status   |CONFIRMED        |IN_PROGRESS
CC       |                 |mseben@gmail.com
Assignee |mseben@gmail.com |screening-team-bugs@suse.de

--- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
submitted

http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c6

--- Comment #6 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1193584) was mentioned in
https://build.opensuse.org/request/show/1032292 Backports:SLE-15-SP4 / privoxy

http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c7

--- Comment #7 from Carsten Ziepke <kieltux@gmail.com> ---
Thank you very much.

http://bugzilla.opensuse.org/show_bug.cgi?id=1193584

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Component |Basesystem                  |Security
Version   |Leap 15.3                   |Leap 15.4
Assignee  |screening-team-bugs@suse.de |security-team@suse.de

http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c9

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What       |Removed     |Added
----------------------------------------------------------------------------
Status     |IN_PROGRESS |RESOLVED
Resolution |---         |FIXED

--- Comment #9 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Done