godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-05 14:09:53 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
52ae2a4e1d10da4ea46bc730db69a40d79eb835a
buildroot/package/privoxy/privoxy.hash
Peter Korsgaard 44a97dcb93 package/privoxy: security bump to version 3.0.33 
Fixes the following security issues:

  - cgi_error_no_template(): Encode the template name to prevent
    XSS (cross-site scripting) when Privoxy is configured to servce
    the user-manual itself.
    Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
    Reported by: Artem Ivanov

  - get_url_spec_param(): Free memory of compiled pattern spec
    before bailing.
    Reported by Joshua Rogers (Opera) who also provided the fix.
    Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.

  - process_encrypted_request_headers(): Free header memory when
    failing to get the request destination.
    Reported by Joshua Rogers (Opera) who also provided the fix.
    Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.

  - send_http_request(): Prevent memory leaks when handling errors
    Reported by Joshua Rogers (Opera) who also provided the fix.
    Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-16 20:07:37 +01:00

7 lines
445 B
Plaintext
Raw Blame History

# From https://sourceforge.net/projects/ijbswa/files/Sources/3.0.33%20%28stable%29/
md5 d6caf3eaad4812f0658b68d5b3ba3a06 privoxy-3.0.33-stable-src.tar.gz
sha1 688da305077d8ecbcf6423e02201f01f7a7098f4 privoxy-3.0.33-stable-src.tar.gz
# Locally computed
sha256 04b104e70dac61561b9dd110684b250fafc8c13dbe437a60fae18ddd9a881fae privoxy-3.0.33-stable-src.tar.gz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE
Reference in New Issue View Git Blame Copy Permalink