Re: privoxy CVE-2021-4454[0123] update
Hi Roland,
On Thu, Dec 09, 2021 at 03:55:44PM +0100, Roland Rosenfeld wrote:
> Hi!
>
> Here is a little update for CVE-2021-4454[0123]:
>
> All 4 CVEs are fixed in 3.0.33-1 (sid).
Thanks, already updated earlier.
> CVE-2021-44541 and CVE-2021-44542 both do not affect buster and
> stretch since the vulnerable code was introduced in 3.0.29 or later
> (while buster ships 3.0.28 and stretch ships 3.0.26).
Thanks, updated now the tracker.
>
> I prepared an update for bullseye (3.0.32-2+deb11u1):
> https://salsa.debian.org/debian/privoxy/-/tree/debian/bullseye
> and will create an request for 11.2 release soon.
Seen that, thank you as well.
> I also prepared an update for buster (3.0.28-2+deb10u2) including only
> CVE-2021-44540 and CVE-2021-44543:
> https://salsa.debian.org/debian/privoxy/-/tree/debian/buster
> and will create an request for the next point release later.
Ack!
> Last but not least I prepared an update for strech (3.0.26-3+deb9u3)
> including only CVE-2021-44540 and CVE-2021-44543:
> https://salsa.debian.org/debian/privoxy/-/tree/debian/stretch
> and will offer this to the LTS team.
>
> It would great, if you could update the security tracker accordingly.
Regards,
Salvatore
Reply to: