| Summary: | <net-proxy/privoxy-3.0.23: Multiple vulnerabilities (CVE-2015-{1380,1381,1382}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | bircoph |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/oss-sec/2015/q1/259 | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 531292 | | |

Description
Kristian Fiskerstrand (RETIRED)
2015-01-26 17:37:35 UTC
privoxy-3.0.23 in tree. No unstable versions left. Arch teams, please stabilize ver. 3.0.23.

amd64 stable

ppc stable

CVE-2015-1382 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1382): parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.

CVE-2015-1381 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1381): Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.

CVE-2015-1380 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1380): jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.

x86 stable

sparc stable

ppc64 stable

alpha stable

arm stable, all arches done.

All vulnerable versions are removed from tree.

Arches, thank you for your work. GLSA Vote: No

Arches and Maintainer(s), Thank you for your work. GLSA Vote: No