[Bug 1193584] New: VUL-0: CVE-2021-44540: Multiple issues fixed in Privoxy 3.0.33 stable
http://bugzilla.opensuse.org/show_bug.cgi?id=1193584

Bug ID: 1193584
Summary: VUL-0: CVE-2021-44540: Multiple issues fixed in Privoxy 3.0.33 stable
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.3
Hardware: Other
URL: https://smash.suse.de/issue/316954/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Basesystem
Assignee: mseben@gmail.com
Reporter: abergmann@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2021-44540

via oss-sec mailing list

https://seclists.org/oss-sec/2021/q4/148

Multiple issues fixed in Privoxy 3.0.33 stable

- CVE-2021-44540: get_url_spec_param(): Free memory of compiled pattern spec before bailing.
- CVE-2021-44541: process_encrypted_request_headers(): Free header memory when failing to get the request destination.
- CVE-2021-44542: send_http_request(): Prevent memory leaks when handling errors
- CVE-2021-44543: cgi_error_no_template(): Encode the template name to prevent XSS (cross-site scripting)
http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c1
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c4
Carsten Ziepke
http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c5
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c6
--- Comment #6 from OBSbugzilla Bot
http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c7
--- Comment #7 from Carsten Ziepke
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1193584#c9
Andreas Stieger