[Buildroot] [PATCH] package/privoxy: security bump to version 3.0.32

Peter Korsgaard peter at korsgaard.com
Sat Mar 13 15:04:21 UTC 2021

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Privoxy 3.0.32 fixes a number of security issues:
 > - Security/Reliability:
 >   - ssplit(): Remove an assertion that could be triggered with a
 >     crafted CGI request.
 >     Commit 2256d7b4d67. OVE-20210203-0001.
 >     Reported by: Joshua Rogers (Opera)
 >   - cgi_send_banner(): Overrule invalid image types. Prevents a
 >     crash with a crafted CGI request if Privoxy is toggled off.
 >     Commit e711c505c48. OVE-20210206-0001.
 >     Reported by: Joshua Rogers (Opera)
 >   - socks5_connect(): Don't try to send credentials when none are
 >     configured. Fixes a crash due to a NULL-pointer dereference
 >     when the socks server misbehaves.
 >     Commit 85817cc55b9. OVE-20210207-0001.
 >     Reported by: Joshua Rogers (Opera)
 >   - chunked_body_is_complete(): Prevent an invalid read of size two.
 >     Commit a912ba7bc9c. OVE-20210205-0001.
 >     Reported by: Joshua Rogers (Opera)
 >   - Obsolete pcre: Prevent invalid memory accesses with an invalid
 >     pattern passed to pcre_compile(). Note that the obsolete pcre code
 >     is scheduled to be removed before the 3.0.33 release. There has been
 >     a warning since 2008 already.
 >     Commit 28512e5b624. OVE-20210222-0001.
 >     Reported by: Joshua Rogers (Opera)

 > for more details, see the announcement:
 > https://www.openwall.com/lists/oss-security/2021/02/28/1

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2020.02.x and 2020.11.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list