[Secure-testing-team] Bug#775167: privoxy: CVE-2015-1030 CVE-2015-1031

Moritz Muehlenhoff jmm at inutil.org
Mon Jan 12 05:54:36 UTC 2015


Package: privoxy
Severity: grave
Tags: security

Hi Roland,
privoxy 3.0.22 fixes security issues:

http://www.privoxy.org/announce.txt

Fixed a memory leak when rejecting client connections due to
the socket limit being reached (CID 66382). This affected
Privoxy 3.0.21 when compiled with IPv6 support (on most
platforms this is the default).

-> This is CVE-2015-1030

Fixed an immediate-use-after-free bug (CID 66394) and two
additional unconfirmed use-after-free complaints made by
Coverity scan (CID 66391, CID 66376).

-> This is CVE-2015-1031

Since jessie is in freeze, please make a targeted upload 
instead of moving to the full 3.0.22 release.

Cheers,
        Moritz


