Overview

File _patchinfo of Package patchinfo.17332

<patchinfo incident="17332">
  <issue tracker="bnc" id="1193584"></issue>
  <issue tracker="cve" id="2021-44543"/>
  <issue tracker="cve" id="2021-44542"/>
  <issue tracker="cve" id="2021-44540"/>
  <issue tracker="cve" id="2021-44541"/>
  <packager>AndreasStieger</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for privoxy</summary>
  <description>This update for privoxy fixes the following issues:

privoxy was updated to 3.0.33 (boo#1193584):

* CVE-2021-44543: Encode the template name to prevent XSS
  (cross-side scripting) when Privoxy is configured to servce
  the user-manual itself
* CVE-2021-44540: Free memory of compiled pattern spec
  before bailing
* CVE-2021-44541: Free header memory when failing to get the
  request destination.
* CVE-2021-44542: Prevent memory leaks when handling errors
* Disable fast-redirects for a number of domains
* Update default block lists
* Many bug fixes and minor enhancements
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places