-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 06 Feb 2021 21:42:01 +0100 Source: privoxy Architecture: source Version: 3.0.26-3+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Roland Rosenfeld <roland@debian.org> Changed-By: Roland Rosenfeld <roland@debian.org> Changes: privoxy (3.0.26-3+deb9u1) stretch-security; urgency=medium . * 38_CVE-2021-20217: Prevent an assertion by a crafted CGI request (CVE-2021-20217). * 39_decompress_iob: Fix detection of insufficient data. * 40_CVE-2021-20216: Fix a memory leak (CVE-2021-20216). * 41_CVE-2020-35502: Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory (CVE-2020-35502). * 42_CVE-2021-20209: Fixed a memory leak in the show-status CGI handler when no action files are configured (CVE-2021-20209). * 43_CVE-2021-20210: Fixed a memory leak in the show-status CGI handler when no filter files are configured (CVE-2021-20210). * 44_CVE-2021-20211: Fixes a memory leak when client tags are active (CVE-2021-20211). * 45_CVE-2021-20212: Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error (CVE-2021-20212). * 46_CVE-2021-20213: Prevent an unlikely dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed (CVE-2021-20213). * 48_CVE-2021-20215: Fixed memory leaks in the show-status CGI handler when memory allocations fail (CVE-2021-20215). Checksums-Sha1: eccc1dea6d333d6fcc5444464f67279f5f84ef8f 1940 privoxy_3.0.26-3+deb9u1.dsc b646624006225979f83453ba542e448667f45998 1741772 privoxy_3.0.26.orig.tar.gz d3cea0e0eccd0d13fa81bc34d26bedfb3ee04081 28764 privoxy_3.0.26-3+deb9u1.debian.tar.xz 283899c4bed5d5a8a5e33bc629fb635acbc268f1 10314 privoxy_3.0.26-3+deb9u1_source.buildinfo Checksums-Sha256: 66a9ee40e5f9ca3d6b076e82d472d2682c8165e8dd90c7c725008d536e6376a2 1940 privoxy_3.0.26-3+deb9u1.dsc 57e415b43ee5dfdca74685cc034053eaae962952fdabd086171551a86abf9cd8 1741772 privoxy_3.0.26.orig.tar.gz ddcd8c75d9360dffcb5a9db46139227c3fcd3e02fe825f5b7e8f641347335005 28764 privoxy_3.0.26-3+deb9u1.debian.tar.xz 0a829677d6a3289798dbce49e2739a9dde8f091ce02faec53d0446ab9cf32298 10314 privoxy_3.0.26-3+deb9u1_source.buildinfo Files: 7c3e00a9321f728066e99d813b17cd91 1940 web optional privoxy_3.0.26-3+deb9u1.dsc 8a1c842112ccea68c19b7ceb4a0e999f 1741772 web optional privoxy_3.0.26.orig.tar.gz 9d1a00844dd720eb8ca5798123958156 28764 web optional privoxy_3.0.26-3+deb9u1.debian.tar.xz ead93c570642f57c783274dcbe323e2a 10314 web optional privoxy_3.0.26-3+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErC+9sQSUPYpEoCEdAnE7z8pUELIFAmAe/00ACgkQAnE7z8pU ELJWjg/9EoSEtwaRB9QcUEy33T5iYo5q4zqz3C/XZsywHjM7A7QGf2z6D8ZSKfMO /8qsJwcP8GJYHbqoIBJx/K24GTxgoAN+np+3zU/38pm3iM5+XwqOaWrI+HS9zSMM xwxpxX3aBsx47H8LdxXGrTDOBccY53F73eNH/z8laeXK4bDR8q5XxgIxPfIxdpnH Dqldw1ia/XRZZbEKzPLA1zo/dN1wuriBnGJ5QjsVRPgTqZaiLW25N5XSX9xHR7BW MASzYF1O1UeFANR1ruuCP03aynE6c3eXnIIo/jXzWZ73e1wNNOkHui4IU1pP1kzk LXrRRrlSRn8s2c3/xaM2MT8XCC2qqVkxahwmnUYytBJOKTjqFqXwrgYmpV4xABST rZpz+/hBV8R6J0ZpXknt8CeFbNSwVhqXSfxHEs1CU2t/W1sqkBFAsQ6KYmnFzVow kVYAiU6MFY2PvSW14wgTvDmBD6YnFyQPDcBDOWNdjPW7cE1cX9SNR9f1YjUSVWF8 vWFle6eu1elR1d6PnUEpGy7NY/F37FO3x+9rS64jqyTw5p8LdbvfFvPFcqtwkqJT 6JmLhFGU5pNCC0RaaSqrk8Ie/qkETo7O7zdR6/bxvudP6DRB579NiZHsCwk/tg7t zCZiL6lbTtFgKE0eKuF6gip2ldyn/MRLXx17e7TYxzeKwLt4h8I= =xo5h -----END PGP SIGNATURE-----