From ${URL} :

Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. For details see: http://www.privoxy.org/ or http://jvauzb4sb3bwlsnc.onion/

A couple of invalid reads were fixed in Privoxy 3.0.24 whose release is scheduled for this weekend. Two of them are security issues (remote DoS when built with ASAN), please assign CVEs:

- Prevent invalid reads in case of corrupt chunk-encoded content.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
- Remove empty Host headers in client requests. Previously they would result in invalid reads.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303

The issues were found with afl-fuzz and AddressSanitizer.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Privoxy 3.0.24 is in the tree (as unstable). This is a bugfix release, no new features so far, so it should be sufficient to stabilize after a week or two.
Arch teams, please stabilize =net-proxy/privoxy-3.0.24
amd64 stable
Stable on alpha.
arm stable
Stable for PPC64.
x86 stable
ppc stable
sparc stable. Maintainer(s), please clean up. Security, please vote.
All vulnerable versions are removed from the tree.
GLSA Vote: No