privoxy: CVE-2015-1380 CVE-2015-1381 CVE-2015-1382

Related Vulnerabilities: CVE-2015-1380   CVE-2015-1381   CVE-2015-1382  

Debian Bug report logs - #776490
privoxy: CVE-2015-1380 CVE-2015-1381 CVE-2015-1382


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 28 Jan 2015 16:15:02 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in version privoxy/3.0.21-5

Fixed in versions privoxy/3.0.21-6, privoxy/3.0.21-7, privoxy/3.0.19-2+deb7u2

Done: Roland Rosenfeld <roland@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Roland Rosenfeld <roland@debian.org>:
Bug#776490; Package src:privoxy. (Wed, 28 Jan 2015 16:15:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Roland Rosenfeld <roland@debian.org>. (Wed, 28 Jan 2015 16:15:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: privoxy: CVE-2015-1380 CVE-2015-1381 CVE-2015-1382
Date: Wed, 28 Jan 2015 17:11:16 +0100
Source: privoxy
Version: 3.0.21-5
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerabilities were published for privoxy.

CVE-2015-1380[0]:
denial of service

CVE-2015-1381[1]:
multiple segmentation faults and memory leaks in the pcrs code

CVE-2015-1382[2]:
invalid read

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-1380
[1] https://security-tracker.debian.org/tracker/CVE-2015-1381
[2] https://security-tracker.debian.org/tracker/CVE-2015-1382

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Roland Rosenfeld <roland@debian.org>:
You have taken responsibility. (Wed, 28 Jan 2015 18:21:09 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 28 Jan 2015 18:21:09 GMT).


Message #10 received at 776490-close@bugs.debian.org:

From: Roland Rosenfeld <roland@debian.org>
To: 776490-close@bugs.debian.org
Subject: Bug#776490: fixed in privoxy 3.0.21-6
Date: Wed, 28 Jan 2015 18:18:50 +0000
Source: privoxy
Source-Version: 3.0.21-6

We believe that the bug you reported is fixed in the latest version of
privoxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776490@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <roland@debian.org> (supplier of updated privoxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 Jan 2015 17:49:15 +0100
Source: privoxy
Binary: privoxy
Architecture: source amd64
Version: 3.0.21-6
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Roland Rosenfeld <roland@debian.org>
Description:
 privoxy    - Privacy enhancing HTTP Proxy
Closes: 776490
Changes:
 privoxy (3.0.21-6) unstable; urgency=medium
 .
   * 37_CVE-2015-1380: denial of service.
   * 38_CVE-2015-1381: multiple segmentation faults and memory leaks in the
     pcrs code.
   * 39_CVE-2015-1381: invalid read.
   * These 3 patches Closes: #776490.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Roland Rosenfeld <roland@debian.org>:
You have taken responsibility. (Wed, 28 Jan 2015 19:06:10 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 28 Jan 2015 19:06:10 GMT).


Message #15 received at 776490-close@bugs.debian.org:

From: Roland Rosenfeld <roland@debian.org>
To: 776490-close@bugs.debian.org
Subject: Bug#776490: fixed in privoxy 3.0.21-7
Date: Wed, 28 Jan 2015 19:04:05 +0000
Source: privoxy
Source-Version: 3.0.21-7

We believe that the bug you reported is fixed in the latest version of
privoxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776490@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <roland@debian.org> (supplier of updated privoxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 Jan 2015 19:46:42 +0100
Source: privoxy
Binary: privoxy
Architecture: source amd64
Version: 3.0.21-7
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Roland Rosenfeld <roland@debian.org>
Description:
 privoxy    - Privacy enhancing HTTP Proxy
Closes: 776490
Changes:
 privoxy (3.0.21-7) unstable; urgency=medium
 .
   * 37_CVE-2015-1380: denial of service.
   * 38_CVE-2015-1381: multiple segmentation faults and memory leaks in the
     pcrs code.
   * 39_CVE-2015-1382: invalid read.
   * These 3 patches Closes: #776490.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----




Reply sent to Roland Rosenfeld <roland@debian.org>:
You have taken responsibility. (Wed, 04 Feb 2015 23:03:12 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 04 Feb 2015 23:03:12 GMT).


Message #20 received at 776490-close@bugs.debian.org:

From: Roland Rosenfeld <roland@debian.org>
To: 776490-close@bugs.debian.org
Subject: Bug#776490: fixed in privoxy 3.0.19-2+deb7u2
Date: Wed, 04 Feb 2015 23:02:06 +0000
Source: privoxy
Source-Version: 3.0.19-2+deb7u2

We believe that the bug you reported is fixed in the latest version of
privoxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776490@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <roland@debian.org> (supplier of updated privoxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 Jan 2015 20:33:47 +0100
Source: privoxy
Binary: privoxy
Architecture: source amd64
Version: 3.0.19-2+deb7u2
Distribution: wheezy-security
Urgency: medium
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Roland Rosenfeld <roland@debian.org>
Description: 
 privoxy    - Privacy enhancing HTTP Proxy
Closes: 776490
Changes: 
 privoxy (3.0.19-2+deb7u2) wheezy-security; urgency=medium
 .
   * 38_CVE-2015-1381: multiple segmentation faults and memory leaks in the
     pcrs code.
   * 39_CVE-2015-1382: invalid read.
   * These 2 patches Closes: #776490 in wheezy.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 05 Mar 2015 07:28:35 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:31:03 2019; Machine Name: buxtehude
