Privoxy 3.0.29 has been released today (November 28). The website hasn't been updated, but the ChangeLog is available at SourceForge. It lists 8 security fixes (no CVEs). Mageia 7 is also affected.
Created attachment 12025 [details] Privoxy 3.0.29 ChangeLog
Whiteboard: (none) => MGA7TOO
Hi, thanks for reporting this bug. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)
CC: (none) => ouaurelienAssignee: bugsquad => cjw
privoxy-3.0.29-1.mga8 uploaded for Cauldron by Stig-Ørjan.
Version: Cauldron => 7Whiteboard: MGA7TOO => (none)CC: (none) => smelror
Advisory ======== Privoxy has been updated to version 3.0.29 to fix 8 security issues. References ========== https://sourceforge.net/projects/ijbswa/files/Sources/3.0.29%20%28stable%29/announce.txt Files ===== Uploaded to core/updates_testing privoxy-3.0.29-1.mga7 from privoxy-3.0.29-1.mga7.src.rpm
Assignee: cjw => smelror
Thanks. Hopefully the version on the website will be updated by time we push this: http://www.privoxy.org/announce.txt
Assignee: smelror => qa-bugs
Security fixes posted here, use this for References rather than URL in Comment 4: https://www.openwall.com/lists/oss-security/2020/11/29/1
MGA7-64 MATE on Peaq C1011 No installation issues. # systemctl start privoxy # systemctl -l status privoxy ● privoxy.service - Privacy enhancing HTTP Proxy Loaded: loaded (/usr/lib/systemd/system/privoxy.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2020-12-04 16:07:13 CET; 34s ago Process: 16753 ExecStart=/usr/sbin/privoxy --pidfile /run/privoxy.pid --user daemon.daemon /etc/privoxy/config (code=exited, status=0/SUCCESS) Main PID: 16754 (privoxy) Tasks: 1 (limit: 2288) Memory: 1.3M CGroup: /system.slice/privoxy.service └─16754 /usr/sbin/privoxy --pidfile /run/privoxy.pid --user daemon.daemon /etc/privoxy/config Dec 04 16:07:12 mach6.hviaene.thuis systemd[1]: Starting Privacy enhancing HTTP Proxy... Dec 04 16:07:13 mach6.hviaene.thuis systemd[1]: Started Privacy enhancing HTTP Proxy Ref bug 14892 for testing. Change firefox network settings to proxy localhost port 8118 and open this port in firewall. Browse to a non-existent host, e.g. http://www.n.zz/ And I see a privoxy page saying "No such domain". OK Browse to http://ad.example.com/ And I see a privoxy page saying "Request for blocked URL" with reason "Host matches generic block pattern". Browse to www.google.be, blocked as well, anyone wondering??? OK for me.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 4.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Advisory pushed to SVN.
Keywords: (none) => advisorySource RPM: privoxy-3.0.28-3.mga8.src.rpm => privoxy-3.0.28-1.mga7.src.rpm
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0447.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
CVEs have been assigned for this update: https://www.openwall.com/lists/oss-security/2021/02/03/3
Summary: privoxy 3.0.29 fixes security issues => privoxy 3.0.29 fixes security issues (CVE-2020-35502, CVE-2021-20209, CVE-2021-2021[0-5])