Re: privoxy stretch package 3.0.26-3+deb9u3 prepared

To: Roland Rosenfeld <roland@debian.org>, Chris Lamb <lamby@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Fri, 10 Dec 2021 21:02:19 +0530
Message-id: <[🔎] CAPP0f97kxPUdRXU5LW5A+pCepeOyXDijuYKeEX=RT1-UCTXOaQ@mail.gmail.com>
In-reply-to: <[🔎] 20211210121305.tzpms52ljxv5hatl@dinghy.sail.spinnaker.de>
References: <[🔎] 20211210121305.tzpms52ljxv5hatl@dinghy.sail.spinnaker.de>

Hi Roland,

On Fri, 10 Dec, 2021, 5:50 pm Roland Rosenfeld, <roland@debian.org> wrote:

Privoxy upstream just released version 3.0.33, which fixes four new
CVEs, which are also reported at security-tracker.

I prepared a package that fixes CVE-2021-44540 and CVE-2021-44543.

CVE-2021-44541 and CVE-2021-44542 are missing, since this affect code,
that was introduced in 3.0.29 or later, so stretch package is not
affected, since we shipped 3.0.26 in stretch.

Since the two CVEs are tagged "minor issue" on security-tracker, I'm
not sure whether it's worth doing a LTS upload for this.

Thank you for getting in touch. I'll defer the decision to roll out the DLA to Chris, who's at front desk. If he thinks it worth doing an upload, I'll take it from here and prep the upload and roll the announcement like last time. :)

- u

Reply to:

Follow-Ups:
- Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
  - From: "Chris Lamb" <lamby@debian.org>

References:
- privoxy stretch package 3.0.26-3+deb9u3 prepared
  - From: Roland Rosenfeld <roland@debian.org>

Prev by Date: privoxy stretch package 3.0.26-3+deb9u3 prepared
Next by Date: Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
Previous by thread: privoxy stretch package 3.0.26-3+deb9u3 prepared
Next by thread: Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
Index(es):
- Date
- Thread