commit privoxy for openSUSE:Factory

Mon, 13 Dec 2021 11:51:15 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package privoxy for openSUSE:Factory checked 
in at 2021-12-13 20:44:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/privoxy (Old)
 and      /work/SRC/openSUSE:Factory/.privoxy.new.2520 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "privoxy"

Mon Dec 13 20:44:57 2021 rev:56 rq:940212 version:3.0.33

Changes:
--------
--- /work/SRC/openSUSE:Factory/privoxy/privoxy.changes  2021-10-26 
20:14:57.390049829 +0200
+++ /work/SRC/openSUSE:Factory/.privoxy.new.2520/privoxy.changes        
2021-12-13 20:51:07.128662650 +0100
@@ -1,0 +2,16 @@
+Fri Dec 10 19:50:34 UTC 2021 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- privoxy 3.0.33 (boo#1183584):
+  * CVE-2021-44543: Encode the template name to prevent XSS
+    (cross-side scripting) when Privoxy is configured to servce
+    the user-manual itself
+  * CVE-2021-44540: Free memory of compiled pattern spec
+    before bailing
+  * CVE-2021-44541: Free header memory when failing to get the
+    request destination.
+  * CVE-2021-44542: Prevent memory leaks when handling errors
+  * Disable fast-redirects for a number of domains
+  * Update default block lists
+  * Many bug fixes and minor enhancements
+
+-------------------------------------------------------------------

Old:
----
  privoxy-3.0.32-stable-src.tar.gz
  privoxy-3.0.32-stable-src.tar.gz.asc

New:
----
  privoxy-3.0.33-stable-src.tar.gz
  privoxy-3.0.33-stable-src.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ privoxy.spec ++++++
--- /var/tmp/diff_new_pack.8Tsw9a/_old  2021-12-13 20:51:07.712663024 +0100
+++ /var/tmp/diff_new_pack.8Tsw9a/_new  2021-12-13 20:51:07.716663026 +0100
@@ -18,7 +18,7 @@
 
 %define chroot %{_localstatedir}/lib/privoxy
 Name:           privoxy
-Version:        3.0.32
+Version:        3.0.33
 Release:        0
 Summary:        The Internet Junkbuster - HTTP Proxy Server
 License:        GPL-3.0-or-later

++++++ privoxy-3.0.32-stable-src.tar.gz -> privoxy-3.0.33-stable-src.tar.gz 
++++++
++++ 42757 lines of diff (skipped)

Reply via email to