Debian Bug report logs -
#702896
privoxy: CVE-2013-2503
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 12 Mar 2013 16:27:02 UTC
Severity: important
Tags: security
Fixed in version privoxy/3.0.21-1
Done: Roland Rosenfeld <roland@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Roland Rosenfeld <roland@debian.org>:
Bug#702896; Package privoxy.
(Tue, 12 Mar 2013 16:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Roland Rosenfeld <roland@debian.org>.
(Tue, 12 Mar 2013 16:27:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: privoxy
Severity: important
Tags: security
Please see
http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Roland Rosenfeld <roland@debian.org>:
Bug#702896; Package privoxy.
(Sat, 18 May 2013 10:42:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Roland Rosenfeld <roland@debian.org>.
(Sat, 18 May 2013 10:42:04 GMT) (full text, mbox, link).
Message #10 received at 702896@bugs.debian.org (full text, mbox, reply):
On Tue, Mar 12, 2013 at 05:20:01PM +0100, Moritz Muehlenhoff wrote:
> Package: privoxy
> Severity: important
> Tags: security
>
> Please see
> http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/
What's the status? Is there a fix upstream?
Cheers,
Moritz
Reply sent
to Roland Rosenfeld <roland@debian.org>:
You have taken responsibility.
(Fri, 05 Jul 2013 15:24:25 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Fri, 05 Jul 2013 15:24:25 GMT) (full text, mbox, link).
Message #15 received at 702896-close@bugs.debian.org (full text, mbox, reply):
Source: privoxy
Source-Version: 3.0.21-1
We believe that the bug you reported is fixed in the latest version of
privoxy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 702896@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roland Rosenfeld <roland@debian.org> (supplier of updated privoxy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Fri, 05 Jul 2013 14:46:54 +0200
Source: privoxy
Binary: privoxy
Architecture: source amd64
Version: 3.0.21-1
Distribution: unstable
Urgency: low
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Roland Rosenfeld <roland@debian.org>
Description:
privoxy - Privacy enhancing HTTP Proxy
Closes: 702896
Changes:
privoxy (3.0.21-1) unstable; urgency=low
.
* New upstream version 3.0.21-stable.
* This fixes CVE-2013-2503 (Closes: #702896).
* Update all patches.
* Upgrade to Standards-Version 3.9.4 (no changes).
Checksums-Sha1:
8acbeb87b8e847176a486f4d3e321c61805415cc 1180 privoxy_3.0.21-1.dsc
2d73a9146e87218b25989096f63ab0772ce24109 1733120 privoxy_3.0.21.orig.tar.gz
1b709ceb0192577df1df25619aa15a7b18b64a6d 19324 privoxy_3.0.21-1.debian.tar.gz
35fc90652c3584f9cebc623ceda5dc5be657f249 646798 privoxy_3.0.21-1_amd64.deb
Checksums-Sha256:
7557c5b222aa0eb8503a893e7758bb38551068214aafa508b25cd3ed5f274cbf 1180 privoxy_3.0.21-1.dsc
5ec7e601948d2bd0ebf0ebe90eed7d49e7663c395ce16d0403e91ea2d459ddb8 1733120 privoxy_3.0.21.orig.tar.gz
68584cc1b1f7b46b7c02ea474606ee9f5c9bf5da9e2dd4696278595410270c4e 19324 privoxy_3.0.21-1.debian.tar.gz
e68f96fd1dafa32a90e43d4342ad3693a0e12ef0e3292f73d5909cdffe77d65e 646798 privoxy_3.0.21-1_amd64.deb
Files:
f0c526915cfc024decf08943cd8807ab 1180 web optional privoxy_3.0.21-1.dsc
79558f2545cfcf9731f7de611646d837 1733120 web optional privoxy_3.0.21.orig.tar.gz
b5260f10580a442f5bc834e0bea9aca2 19324 web optional privoxy_3.0.21-1.debian.tar.gz
3c6009c271b1d11edc917c059aced42e 646798 web optional privoxy_3.0.21-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAlHW3ZgACgkQO7/Pd72LBQ2v5wCfZzozwujm9Jbg0/bNmoiV4dkU
gy0AoLEl1bn5VeVtNmim4y4Lso8B+G9o
=1upa
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 29 Jan 2014 07:35:15 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:32:12 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon