Thursday, February 04, 2021

Re: Security UPDATE www/privoxy

On 2021/02/04 18:39, Bjorn Ketelaars wrote:
> A newer version of privoxy is available, which addresses 2 CVE's:
>
> CVE-2021-20217
> Prevent an assertion from getting triggered by a crafted CGI request.
>
> CVE-2021-20216
> Fixed a memory leak when decompression fails "unexpectedly".
>
> Lightly run tested on amd64.
>
> I think it makes sense to backport this update to 6.8.
>
> Comments, OK?

There's a missing $(DESTDIR) on line 971 of GNUmakefile.in that breaks
packaging if privoxy is already installed

> @group
> +share/examples/privoxy/templates/edit-actions-for-url-string-filter

That one needs an @sample adding too

> share/examples/privoxy/templates/edit-actions-list
> @owner _privoxy
> @group _privoxy
>

No comments:

Post a Comment