oss-sec mailing list archives
Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable
From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Wed, 3 Feb 2021 12:05:55 +0100
Fabian Keil <freebsd-listen () fabiankeil de> wrote on 2020-11-29:
Announcing Privoxy 3.0.29 stable -------------------------------------------------------------------- Privoxy 3.0.29 stable fixes a couple of memory leaks and introduces https inspection which allows to filter encrypted requests and responses. -------------------------------------------------------------------- ChangeLog for Privoxy 3.0.29 --------------------------------------------------------------------
Here are the updated ChangeLog entries with CVEs: - Security/Reliability: - Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001. CVE-2020-35502. Sponsored by: Robert Klemme - Fixed a memory leak in the show-status CGI handler when no action files are configured. Commit c62254a686. OVE-20201118-0002. CVE-2021-20209. Sponsored by: Robert Klemme - Fixed a memory leak in the show-status CGI handler when no filter files are configured. Commit 1b1370f7a8a. OVE-20201118-0003. CVE-2021-20210. Sponsored by: Robert Klemme - Fixes a memory leak when client tags are active. Commit 245e1cf32. OVE-20201118-0004. CVE-2021-20211. Sponsored by: Robert Klemme - Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error. Commit 5cfb7bc8fe. OVE-20201118-0005. CVE-2021-20212. - Prevent an unlikely dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. Commit 7530132349. CID 267165. OVE-20201118-0006. CVE-2021-20213. - Fixed memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail. Commit cf5640eb2a. CID 267168. OVE-20201118-0007. CVE-2021-20214. - Fixed memory leaks in the show-status CGI handler when memory allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3. CID 305233. OVE-20201118-0008. CVE-2021-20215. Fabian
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Feb 03)
- <Possible follow-ups>
- Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Alan Coopersmith (Mar 23)
- Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Mar 23)