openSUSE-SU-2021:1646-1

CVE-2021-44543: Encode the template name to prevent XSS (cross-side scripting) when Privoxy is configured to servce the user-manual itself
CVE-2021-44540: Free memory of compiled pattern spec before bailing
CVE-2021-44541: Free header memory when failing to get the request destination.
CVE-2021-44542: Prevent memory leaks when handling errors
Disable fast-redirects for a number of domains
Update default block lists
Many bug fixes and minor enhancements

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.33-bp153.2.3.1

{
    "binaries": [
        {
            "privoxy": "3.0.33-bp153.2.3.1",
            "privoxy-doc": "3.0.33-bp153.2.3.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1646-1.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.33-bp153.2.3.1

{
    "binaries": [
        {
            "privoxy": "3.0.33-bp153.2.3.1",
            "privoxy-doc": "3.0.33-bp153.2.3.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1646-1.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.33-bp153.2.3.1

{
    "binaries": [
        {
            "privoxy": "3.0.33-bp153.2.3.1",
            "privoxy-doc": "3.0.33-bp153.2.3.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1646-1.json"