oss-sec mailing list archives

Re: CVE Request for Privoxy Version: 3.0.22

From: cve-assign () mitre org
Date: Sat, 10 Jan 2015 21:05:12 -0500 (EST)


On Wed, 7 Jan 2015, Yury German wrote:

Privoxy Version 3.0.22 has two vulnerabilities that were fixed in theversion of Privoxy 3.0.22. Can we please assign CVE(s) to this.
Fixed a memory leak when rejecting client connections due to
the socket limit being reached (CID 66382). This affected
Privoxy 3.0.21 when compiled with IPv6 support (on most
platforms this is the default).


Use CVE-2015-1030.

Fixed an immediate-use-after-free bug (CID 66394) and two
additional unconfirmed use-after-free complaints made by
Coverity scan (CID 66391, CID 66376).


Use CVE-2015-1031.

URL to the Page: http://www.privoxy.org/announce.txt<http://www.privoxy.org/announce.txt>


---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Current thread:

CVE Request for Privoxy Version: 3.0.22 Yury German (Jan 07)
- Re: CVE Request for Privoxy Version: 3.0.22 cve-assign (Jan 10)