Re: privoxy stretch package 3.0.26-3+deb9u3 prepared

Hi Roland,

On Fri, 10 Dec, 2021, 5:50 pm Roland Rosenfeld, <roland@debian.org> wrote:
> Privoxy upstream just released version 3.0.33, which fixes four new
> CVEs, which are also reported at security-tracker.
>
> I prepared a package that fixes CVE-2021-44540 and CVE-2021-44543.
>
> CVE-2021-44541 and CVE-2021-44542 are missing, since these affect code
> that was introduced in 3.0.29 or later, so the stretch package is not
> affected, since we shipped 3.0.26 in stretch.
>
> Since the two CVEs are tagged "minor issue" on security-tracker, I'm
> not sure whether it's worth doing an LTS upload for this.

Thank you for getting in touch. I'll defer the decision to roll out the DLA to Chris, who's at front desk. If he thinks it worth doing an upload, I'll take it from here and prep the upload and roll the announcement like last time. :)

- u
