Privoxy 3.0.32 was released on February 25. The announcement will end up here, but is only on SourceForge for now: http://www.privoxy.org/announce.txt It lists 5 security fixes. Mageia 7 and Mageia 8 are also affected.
Created attachment 12400: Privoxy 3.0.32 ChangeLog
Whiteboard: (none) => MGA8TOO, MGA7TOO
Various packagers have dealt with this in the past, so having to assign this bug globally.
Assignee: bugsquad => pkg-bugs
3.0.32 release announcement: https://www.openwall.com/lists/oss-security/2021/02/28/1 https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html
fixed in cauldron: privoxy-3.0.32-1.mga9
src for mga 7/8:
- privoxy-3.0.32-1.mga7
- privoxy-3.0.32-1.mga8
CC: (none) => mageia
Version: Cauldron => 8
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Assignee: pkg-bugs => qa-bugs
Advisory:
========================
Updated privoxy package fixes security vulnerabilities:
The privoxy package has been updated to version 3.0.32, fixing five security issues and several other bugs.
References:
https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html
CVEs assigned: https://www.openwall.com/lists/oss-security/2021/03/06/2
Summary: privoxy 3.0.32 fixes security issues => privoxy 3.0.32 fixes security issues (CVE-2021-2027[2-6])
MGA7-64 MATE on PeaqC1011 No installation issues. Followed tests as in bug 28281 Comment 10, all worked OK. Side note: could you provide the exact rpm names, as QARepo is a very useful tool, but quite picky on names.
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
CC: (none) => herman.viaene
He actually did, there are no subpackages for this one. Qarepo is overkill for a single package update too.
Yes, sorry, I overlooked a typo I made myself.
MGA8-64 Plasma on AMD Phenom II. Using qarepo here may be "overkill," but it doesn't require activating the updates_testing repos, so it is simpler. No installation issues. Tried following the tests in bug 28281 Comment 10. Started the service, checked status, but fumbled configuring the firewall and Firefox. Firefox wouldn't connect to anything. Removed all of the attempted changes, stopped the privoxy service, and Firefox was working again. Going to OK this for MGA8, based on a clean install and being able to start and stop the service. Since the same version is being used on MGA7, chances are it would also work correctly on MGA8, if someone who knew what he was doing attempted to use it. Validating. Advisory in Comment 5.
Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0166.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
Debian-LTS has issued an advisory for this on March 9: https://www.debian.org/lts/security/2021/dla-2587