Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted privoxy 3.0.28-2+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Sun, 14 Mar 2021 10:02:10 +0000
Signed by: Roland Rosenfeld <roland@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 08 Mar 2021 13:57:15 +0100
Source: privoxy
Architecture: source
Version: 3.0.28-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Roland Rosenfeld <roland@debian.org>
Changes:
 privoxy (3.0.28-2+deb10u1) buster; urgency=medium
 .
   * 38_CVE-2021-20217: Prevent an assertion by a crafted CGI request
     (CVE-2021-20217).
   * 39_decompress_iob: Fix detection of insufficient data.
   * 40_CVE-2021-20216: Fix a memory leak (CVE-2021-20216).
   * 41_CVE-2020-35502: Fixed memory leaks when a response is buffered and
     the buffer limit is reached or Privoxy is running out of memory
     (CVE-2020-35502).
   * 42_CVE-2021-20209: Fixed a memory leak in the show-status CGI handler
     when no action files are configured (CVE-2021-20209).
   * 43_CVE-2021-20210: Fixed a memory leak in the show-status CGI handler
     when no filter files are configured (CVE-2021-20210).
   * 44_CVE-2021-20211: Fixes a memory leak when client tags are active
     (CVE-2021-20211).
   * 45_CVE-2021-20212: Fixed a memory leak if multiple filters are
     executed and the last one is skipped due to a pcre error (CVE-2021-20212).
   * 46_CVE-2021-20213: Prevent an unlikely dereference of a NULL-pointer
     that could result in a crash if accept-intercepted-requests was
     enabled, Privoxy failed to get the request destination from the Host
     header and a memory allocation failed (CVE-2021-20213).
   * 47_CVE-2021-20214: Fixed memory leaks in the client-tags CGI handler
     when client tags are configured and memory allocations fail
     (CVE-2021-20214).
   * 48_CVE-2021-20215: Fixed memory leaks in the show-status CGI handler
     when memory allocations fail (CVE-2021-20215).
   * 49_CVE-2021-20272: ssplit(): Remove an assertion that could be
     triggered with a crafted CGI request (CVE-2021-20272).
   * 50_CVE-2021-20273: cgi_send_banner(): Overrule invalid image types.
     Prevents a crash with a crafted CGI request if Privoxy is toggled off
     (CVE-2021-20273).
   * 51_CVE-2021-20275: chunked_body_is_complete(): Prevent invalid read of
     size two (CVE-2021-20275).
   * 52_CVE-2021-20276: Obsolete pcre: Prevent invalid memory accesses
     (CVE-2021-20276).
Checksums-Sha1:
 20f3cbedf95f6c898d584ba67053bc4279101214 2263 privoxy_3.0.28-2+deb10u1.dsc
 fa8f9f355a48afe94afcaef31c5404b2294c1043 1753809 privoxy_3.0.28.orig.tar.gz
 4e0777eb601ac08e6881641d2f36f097ed045995 833 privoxy_3.0.28.orig.tar.gz.asc
 31481843d358063ce87895fdd14d34397e61fb44 32540 privoxy_3.0.28-2+deb10u1.debian.tar.xz
 cae6dda5e97663a10f11438f768248b1d905b2bc 10334 privoxy_3.0.28-2+deb10u1_source.buildinfo
Checksums-Sha256:
 4519984b05271379ef1b7844bee841b3eaa927f76864c476208a2fd90f73bb70 2263 privoxy_3.0.28-2+deb10u1.dsc
 b5d78cc036aaadb3b7cf860e9d598d7332af468926a26e2d56167f1cb6f2824a 1753809 privoxy_3.0.28.orig.tar.gz
 bf4981d7c5da05019c5586d2e8785ad01e27813de3eb7f44c716df2dceb911c8 833 privoxy_3.0.28.orig.tar.gz.asc
 e5fc6c5ca4ee12dd8ce36784f7e1d19318743862b747b2e2aa02419a5f998a30 32540 privoxy_3.0.28-2+deb10u1.debian.tar.xz
 99dba0bdb603cef547cb0a6cd0fdf58d7e529e3875a27aa18e9d3718c5f58aa0 10334 privoxy_3.0.28-2+deb10u1_source.buildinfo
Files:
 38b274c5c7096976b5ab3fb5b5261374 2263 web optional privoxy_3.0.28-2+deb10u1.dsc
 c7e8900d5aff33d9a5fc37ac28154f21 1753809 web optional privoxy_3.0.28.orig.tar.gz
 72cd2e9835330ea3343165549a35d6ad 833 web optional privoxy_3.0.28.orig.tar.gz.asc
 341a1e9a75b2ce7b25138893b96b8e9a 32540 web optional privoxy_3.0.28-2+deb10u1.debian.tar.xz
 6386e355abc50370ffa7918df16e92a1 10334 web optional privoxy_3.0.28-2+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErC+9sQSUPYpEoCEdAnE7z8pUELIFAmBM+FEACgkQAnE7z8pU
ELLkTQ//Sz1FmmwWOhzkG+0wNV5oRh6CPJQQHlk7ir9EyTp695PTYq9li/v1pB6X
cDu2w3LY5riT5mBds2GbJli8HgoGxoaoj0dXBk2HQjS6LXJ/ZKiPfCshUDNI4Hxt
/9P3VFteXA9AxIANj76bOxw5cBhwPoOx8Oh62roGg1fl4B4j/1oGh4u7fHB97AT5
8GopOszcToon/Bp/QIXpZ8ThSPMKeedfuAwiYSfTtewQLD+DQ9U/C0CePod3ohNb
CPDEu/XUqPpWhm92hafu/Wk1IbxL0Bw7a8FdP4//jjixiWoBAZrsm2vdMzEL3LiR
qvS6VeBJs3Blyw7J5JOCaoHPJ7KPkJycJgK6T2aBOny19YaMKJomQyJnkW1lyKix
y0Af7WT2kIELd7Lj5chD9ocoVnQckvdsb4pd1tMqZM5OhUJ98GOZGe2dAmlESmvm
jA7y4bvwNXYubI3XY49YOtgva1xiQl+FtnCCdH3vxzwRvgxq0mi7RPobiPyzX3ou
QUPRSIgmQC6KYHO0pu3NHndd1Q+kGLkf9DMLSb659MOd5Eim51y7hfMyI8mlxcrv
SntJeTBegPSlOR9723+RcUjOAUEYdmVEsPcrxPA5f1inH4hR7tGCvS+SvZY9wBE9
Z1oSbmAlXgH4NJWFHI39S4g6HQh2FvRUcJNup0N7A9hedU+y7Uc=
=NCEW
-----END PGP SIGNATURE-----
News for package privoxy
