privoxy CVE-2021-4454[0123] update

To: debian-security-tracker@lists.debian.org
Subject: privoxy CVE-2021-4454[0123] update
From: Roland Rosenfeld <roland@debian.org>
Date: Thu, 9 Dec 2021 15:55:44 +0100
Message-id: <[🔎] 20211209145544.3ub7zttzgeujtvfm@dinghy.sail.spinnaker.de>
Mail-followup-to: debian-security-tracker@lists.debian.org

Hi!

Here is a little update for CVE-2021-4454[0123]:

All 4 CVEs are fixed in 3.0.33-1 (sid).

CVE-2021-44541 and CVE-2021-44542 both do not affect buster and
stretch since the vulnerable code was introduced in 3.0.29 or later
(while buster ships 3.0.28 and stretch ships 3.0.26).

I prepared an update for bullseye (3.0.32-2+deb11u1):
https://salsa.debian.org/debian/privoxy/-/tree/debian/bullseye
and will create an request for 11.2 release soon.

I also prepared an update for buster (3.0.28-2+deb10u2) including only
CVE-2021-44540 and CVE-2021-44543:
https://salsa.debian.org/debian/privoxy/-/tree/debian/buster
and will create an request for the next point release later.

Last but not least I prepared an update for strech (3.0.26-3+deb9u3)
including only CVE-2021-44540 and CVE-2021-44543:
https://salsa.debian.org/debian/privoxy/-/tree/debian/stretch
and will offer this to the LTS team.

It would great, if you could update the security tracker accordingly.

Greetings
Roland

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: privoxy CVE-2021-4454[0123] update
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: Re: privoxy CVE-2021-4454[0123] update
Previous by thread: Bug#1001191: security-tracker: include more information in page titles
Next by thread: Re: privoxy CVE-2021-4454[0123] update
Index(es):
- Date
- Thread