oss-sec mailing list archives
Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable
From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Wed, 24 Mar 2021 06:31:10 +0100

Alan Coopersmith <alan.coopersmith () oracle com> wrote on 2021-03-23:

> It looks like Red Hat has assigned CVE ids for these issues now, but not yet told Mitre to publish them:

I ran into issues getting CVE ids for Privoxy 3.0.29 as described in:
https://seclists.org/oss-sec/2020/q4/234
and
https://seclists.org/oss-sec/2021/q1/90

I've sent CVE ids to this list in February after I finally got them all:
https://seclists.org/oss-sec/2021/q1/101

CVE ids for Privoxy 3.0.31 and 3.0.32 were assigned within days, though.

In related news Canonical seems to have published an advisory for multiple Privoxy releases including 3.0.29 on 2021-03-22 which claims that "An attacker could possibly use this issue to cause a denial of service or obtain sensitive information.":
https://ubuntu.com/security/notices/USN-4886-1

Obviously the memory leaks can be used for denial of service attacks but I'm not sure what the "obtain sensitive information" part is all about ...

Fabian