Your message dated Wed, 14 Jan 2015 18:33:24 +0000
with message-id <e1ybsku-0004hr...@franck.debian.org>
and subject line Bug#775167: fixed in privoxy 3.0.21-5
has caused the Debian Bug report #775167,
regarding privoxy: CVE-2015-1030 CVE-2015-1031
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
775167: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775167
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: privoxy
Severity: grave
Tags: security

Hi Roland,
privoxy 3.0.22 fixes security issues:
http://www.privoxy.org/announce.txt

Fixed a memory leak when rejecting client connections due to
the socket limit being reached (CID 66382). This affected
Privoxy 3.0.21 when compiled with IPv6 support (on most
platforms this is the default).

-> This is CVE-2015-1030

Fixed an immediate-use-after-free bug (CID 66394) and two
additional unconfirmed use-after-free complaints made by
Coverity scan (CID 66391, CID 66376).

-> This is CVE-2015-1031

Since jessie is in freeze, please make a targeted upload
instead of moving to the full 3.0.22 release.

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: privoxy
Source-Version: 3.0.21-5

We believe that the bug you reported is fixed in the latest version of
privoxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 775...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <rol...@debian.org> (supplier of updated privoxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 12 Jan 2015 08:44:23 +0100
Source: privoxy
Binary: privoxy
Architecture: source amd64
Version: 3.0.21-5
Distribution: unstable
Urgency: low
Maintainer: Roland Rosenfeld <rol...@debian.org>
Changed-By: Roland Rosenfeld <rol...@debian.org>
Description:
 privoxy - Privacy enhancing HTTP Proxy
Closes: 775167
Changes:
 privoxy (3.0.21-5) unstable; urgency=low
 .
   * 34_CVE-2015-1030: Fix memory leak in rfc2553_connect_to(). CID 66382
   * 35_CVE-2015-1031-CID66394: unmap(): Prevent use-after-free if the map
     only consists of one item. CID 66394.
   * 36_CVE-2015-1031-CID66376: pcrs_execute(): Consistently set *result to
     NULL in case of errors. Should make use-after-free in the caller less
     likely. CID 66391, CID 66376.
   * These 3 patches Closes: #775167.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---