Hi!

Here is a little update for CVE-2021-4454[0123]:

All 4 CVEs are fixed in 3.0.33-1 (sid).

CVE-2021-44541 and CVE-2021-44542 both do not affect buster and stretch since the vulnerable code was introduced in 3.0.29 or later (while buster ships 3.0.28 and stretch ships 3.0.26).

I prepared an update for bullseye (3.0.32-2+deb11u1):
https://salsa.debian.org/debian/privoxy/-/tree/debian/bullseye
and will create a request for the 11.2 release soon.

I also prepared an update for buster (3.0.28-2+deb10u2) including only CVE-2021-44540 and CVE-2021-44543:
https://salsa.debian.org/debian/privoxy/-/tree/debian/buster
and will create a request for the next point release later.

Last but not least, I prepared an update for stretch (3.0.26-3+deb9u3) including only CVE-2021-44540 and CVE-2021-44543:
https://salsa.debian.org/debian/privoxy/-/tree/debian/stretch
and will offer this to the LTS team.

It would be great if you could update the security tracker accordingly.

Greetings
Roland