On 2021/02/04 18:39, Bjorn Ketelaars wrote:
> A newer version of privoxy is available, which addresses 2 CVE's:
>
> CVE-2021-20217
> Prevent an assertion from getting triggered by a crafted CGI request.
>
> CVE-2021-20216
> Fixed a memory leak when decompression fails "unexpectedly".
>
> Lightly run tested on amd64.
>
> I think it makes sense to backport this update to 6.8.
>
> Comments, OK?
There's a missing $(DESTDIR) on line 971 of GNUmakefile.in that breaks
packaging if privoxy is already installed
> @group
> +share/examples/privoxy/templates/edit-actions-for-url-string-filter
That one needs an @sample adding too
> share/examples/privoxy/templates/edit-actions-list
> @owner _privoxy
> @group _privoxy
>
No comments:
Post a Comment