| Summary: | privoxy 3.0.29 fixes security issues (CVE-2020-35502, CVE-2021-20209, CVE-2021-2021[0-5]) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, ouaurelien, smelror, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | privoxy-3.0.28-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
| Attachments: | Privoxy 3.0.29 ChangeLog | ||
|
Description
David Walser
2020-11-28 22:14:12 CET
Created attachment 12025 [details]
Privoxy 3.0.29 ChangeLog
David Walser
2020-11-28 22:14:53 CET
Whiteboard:
(none) =>
MGA7TOO Hi, thanks for reporting this bug. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it) CC:
(none) =>
ouaurelien privoxy-3.0.29-1.mga8 uploaded for Cauldron by Stig-Ørjan. Version:
Cauldron =>
7 Advisory ======== Privoxy has been updated to version 3.0.29 to fix 8 security issues. References ========== https://sourceforge.net/projects/ijbswa/files/Sources/3.0.29%20%28stable%29/announce.txt Files ===== Uploaded to core/updates_testing privoxy-3.0.29-1.mga7 from privoxy-3.0.29-1.mga7.src.rpm Assignee:
cjw =>
smelror Thanks. Hopefully the version on the website will be updated by time we push this: http://www.privoxy.org/announce.txt Assignee:
smelror =>
qa-bugs Security fixes posted here, use this for References rather than URL in Comment 4: https://www.openwall.com/lists/oss-security/2020/11/29/1 MGA7-64 MATE on Peaq C1011
No installation issues.
# systemctl start privoxy
# systemctl -l status privoxy
● privoxy.service - Privacy enhancing HTTP Proxy
Loaded: loaded (/usr/lib/systemd/system/privoxy.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2020-12-04 16:07:13 CET; 34s ago
Process: 16753 ExecStart=/usr/sbin/privoxy --pidfile /run/privoxy.pid --user daemon.daemon /etc/privoxy/config (code=exited, status=0/SUCCESS)
Main PID: 16754 (privoxy)
Tasks: 1 (limit: 2288)
Memory: 1.3M
CGroup: /system.slice/privoxy.service
└─16754 /usr/sbin/privoxy --pidfile /run/privoxy.pid --user daemon.daemon /etc/privoxy/config
Dec 04 16:07:12 mach6.hviaene.thuis systemd[1]: Starting Privacy enhancing HTTP Proxy...
Dec 04 16:07:13 mach6.hviaene.thuis systemd[1]: Started Privacy enhancing HTTP Proxy
Ref bug 14892 for testing. Change firefox network settings to proxy localhost port 8118 and open this port in firewall.
Browse to a non-existent host, e.g. http://www.n.zz/
And I see a privoxy page saying "No such domain". OK
Browse to http://ad.example.com/
And I see a privoxy page saying "Request for blocked URL" with reason "Host matches generic block pattern".
Browse to www.google.be, blocked as well, anyone wondering???
OK for me.Whiteboard:
(none) =>
MGA7-64-OK Validating. Advisory in Comment 4. CC:
(none) =>
andrewsfarm, sysadmin-bugs Advisory pushed to SVN. Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0447.html Status:
NEW =>
RESOLVED CVEs have been assigned for this update: https://www.openwall.com/lists/oss-security/2021/02/03/3 Summary:
privoxy 3.0.29 fixes security issues =>
privoxy 3.0.29 fixes security issues (CVE-2020-35502, CVE-2021-20209, CVE-2021-2021[0-5]) |