Your message dated Tue, 20 Jan 2015 21:17:07 +0000 with message-id <e1ydgad-0002qa...@franck.debian.org> and subject line Bug#775167: fixed in privoxy 3.0.19-2+deb7u1 has caused the Debian Bug report #775167, regarding privoxy: CVE-2015-1030 CVE-2015-1031 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775167: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775167 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: privoxy Severity: grave Tags: security Hi Roland, privoxy 3.0.22 fixes security issues: http://www.privoxy.org/announce.txt Fixed a memory leak when rejecting client connections due to the socket limit being reached (CID 66382). This affected Privoxy 3.0.21 when compiled with IPv6 support (on most platforms this is the default). -> This is CVE-2015-1030 Fixed an immediate-use-after-free bug (CID 66394) and two additional unconfirmed use-after-free complaints made by Coverity scan (CID 66391, CID 66376). -> This is CVE-2015-1031 Since jessie is in freeze, please make a targeted upload instead of moving to the full 3.0.22 release. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: privoxy Source-Version: 3.0.19-2+deb7u1 We believe that the bug you reported is fixed in the latest version of privoxy, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Roland Rosenfeld <rol...@debian.org> (supplier of updated privoxy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 17 Jan 2015 17:20:15 +0100 Source: privoxy Binary: privoxy Architecture: source amd64 Version: 3.0.19-2+deb7u1 Distribution: stable-security Urgency: medium Maintainer: Roland Rosenfeld <rol...@debian.org> Changed-By: Roland Rosenfeld <rol...@debian.org> Description: privoxy - Privacy enhancing HTTP Proxy Closes: 775167 Changes: privoxy (3.0.19-2+deb7u1) stable-security; urgency=medium . * 35_CVE-2015-1031-CID66394: unmap(): Prevent use-after-free if the map only consists of one item. CID 66394. * 36_CVE-2015-1031-CID66376: pcrs_execute(): Consistently set *result to NULL in case of errors. Should make use-after-free in the caller less likely. CID 66391, CID 66376. * These 2 patches Closes: #775167. Checksums-Sha1: 274db380555a7b899fa5c19bb40d6800f2d4a57e 1824 privoxy_3.0.19-2+deb7u1.dsc a82287cbf48375ef449d021473a366baeca49250 1722316 privoxy_3.0.19.orig.tar.gz b9b38021e8ddfee8cd81e90880aebe8d06a9a307 20601 privoxy_3.0.19-2+deb7u1.debian.tar.gz 3c3f708b11ce8e9bc2e6a045f202db8e7e133bb5 633578 privoxy_3.0.19-2+deb7u1_amd64.deb Checksums-Sha256: 467f568a1ae13e86de0418635c3cf60e6dc031b510ffdc0f7a0bfd782f97aab0 1824 privoxy_3.0.19-2+deb7u1.dsc 816e627b31caa3d9e71d0a8b83ac9ea7dcbeaaafef3c9a9c792696aa56255232 1722316 privoxy_3.0.19.orig.tar.gz f2ebbde919e0bc0a206cd1c1680fcb5c55f7cf5c8b31686d22bdcfb21c7e5dd3 20601 privoxy_3.0.19-2+deb7u1.debian.tar.gz 9af0c6b317f69fd865415a93390f63ca65a0dc66e9442250a072c436d70906df 633578 privoxy_3.0.19-2+deb7u1_amd64.deb Files: d63736b5d5a8615d4fa18aa949182157 1824 web optional privoxy_3.0.19-2+deb7u1.dsc 57acc79059565cc42eda67982842785d 1722316 web optional privoxy_3.0.19.orig.tar.gz f23ce084f150727ebc018d4da45ac8c4 20601 web optional privoxy_3.0.19-2+deb7u1.debian.tar.gz df4fae1a8cc852f62d42c24570e0dfa6 633578 web optional privoxy_3.0.19-2+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUuuR5AAoJEBDCk7bDfE42zC4QAIMUHFUukDIJe9i5WVe86CzL 43sgxJFB5g/udMKQkDSe/yqxnO6ShR53BVx56U7oAhE6UwQIrNI2JAO3aND5kpH+ krhfMNSmFUkxJKNr02VDRIdmAZg/B01c1LOjJS8vKsXo4jwISNPnQJLMQxbDh22U ytPk6wKXdf8FHnXqjy4YMgvkINX16UZxjYghQQKMEGc9Lmouay4+uVg4Ac8LImHm ErVk6tEyAG/wdvvyGj9qvPkmvgT9+fXPYIELRsr8V5EytBe6Is9U5PbaT+ecQWiB SOYB5hkyt/vZMIKPaAqLB52yZei/tkPtlCA2dRAha+mJa1QBoZodIjQmj0XxeR+G VxcYD9QSiykF/3XDWAiFjiQYqLfdy5k0BojbKxN5L+Ma/upDNXmr4djHodh6gueh 1YBruPoYZV7nhGrcbzSwIp0cEE1Pj2CBmXT8mmLqhL01VnfrhFaLJ2JYCdLyIZVd c8DVyDdteG6313vMgJH5WVNWBkw0OJXY/T+cPhdTc/V3uNV5L+QVfju5WTJUAiAq mCIQRBSERsdgkRnaef+XLcOpMt14QOm+gGuf0bJh3vvzF0cSw/DI/+SqINWSux6r 0LzMjIUR38snUsINBbCTwMaVdEdIFBmFpb9ATAtCiS4akMAqxOPdYoYmDnU0oePo tN0e+ftGLdiRmKv6FEKe =O+wy -----END PGP SIGNATURE-----
--- End Message ---
