* [Buildroot] [git commit branch/2021.11.x] package/privoxy: security bump to version 3.0.33
@ 2022-01-15 15:38 Peter Korsgaard
From: Peter Korsgaard @ 2022-01-15 15:38 UTC
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=6aa6048432f9bf55527d79997f77b0f6feacae8c
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.11.x
Fixes the following security issues:
- cgi_error_no_template(): Encode the template name to prevent
XSS (cross-site scripting) when Privoxy is configured to serve
the user-manual itself.
Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
Reported by: Artem Ivanov
- get_url_spec_param(): Free memory of compiled pattern spec
before bailing.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
- process_encrypted_request_headers(): Free header memory when
failing to get the request destination.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
- send_http_request(): Prevent memory leaks when handling errors
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 44a97dcb93ebe279f15ce625c23930c50beeb009)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/privoxy/privoxy.hash | 8 ++++----
package/privoxy/privoxy.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/privoxy/privoxy.hash b/package/privoxy/privoxy.hash
index 92ecd1dd21..cf1056ecc4 100644
--- a/package/privoxy/privoxy.hash
+++ b/package/privoxy/privoxy.hash
@@ -1,6 +1,6 @@
-# From https://sourceforge.net/projects/ijbswa/files/Sources/3.0.32%20%28stable%29/
-md5 3a0a8ebdf80e0a29154683e74cbf510b privoxy-3.0.32-stable-src.tar.gz
-sha1 3a298ab2599fc92555c86dc29a37742d7396a0d3 privoxy-3.0.32-stable-src.tar.gz
+# From https://sourceforge.net/projects/ijbswa/files/Sources/3.0.33%20%28stable%29/
+md5 d6caf3eaad4812f0658b68d5b3ba3a06 privoxy-3.0.33-stable-src.tar.gz
+sha1 688da305077d8ecbcf6423e02201f01f7a7098f4 privoxy-3.0.33-stable-src.tar.gz
# Locally computed
-sha256 c61de4008c62445ec18f1f270407cbf2372eaba93beaccdc9e3238bb2defeed7 privoxy-3.0.32-stable-src.tar.gz
+sha256 04b104e70dac61561b9dd110684b250fafc8c13dbe437a60fae18ddd9a881fae privoxy-3.0.33-stable-src.tar.gz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE
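Review bot: In the privoxy.hash hunk, the only collision-resistant digest for privoxy-3.0.33-stable-src.tar.gz is the sha256 under "# Locally computed"; the two values taken from the upstream SourceForge page are md5 and sha1. A locally computed hash pins whatever tarball was downloaded at bump time, so it would help to say in the commit message how that download was authenticated (for example against an upstream signature, if one is published) before the sha256 was recorded. The LICENSE sha256 is an unchanged context line, which is consistent with the licence text not changing between 3.0.32 and 3.0.33.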
diff --git a/package/privoxy/privoxy.mk b/package/privoxy/privoxy.mk
index c1859ed5f2..06642200df 100644
--- a/package/privoxy/privoxy.mk
+++ b/package/privoxy/privoxy.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PRIVOXY_VERSION = 3.0.32
+PRIVOXY_VERSION = 3.0.33
PRIVOXY_SITE = http://downloads.sourceforge.net/project/ijbswa/Sources/$(PRIVOXY_VERSION)%20%28stable%29
PRIVOXY_SOURCE = privoxy-$(PRIVOXY_VERSION)-stable-src.tar.gz
# configure not shipped
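Review bot: The context line PRIVOXY_SITE = http://downloads.sourceforge.net/... in this privoxy.mk hunk still fetches the tarball over plain HTTP, so for this security bump the integrity of the 3.0.33 download rests entirely on the entries in privoxy.hash. Consider a follow-up patch that switches PRIVOXY_SITE to https:// if the download host supports it, kept separate so this cherry-pick to 2021.11.x stays a one-line version change.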
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot