Bug 1181743 - (CVE-2020-35502) VUL-0: privoxy: CVE-2021-20210,CVE-2021-20212,CVE-2021-20211,CVE-2021-20214,CVE-2021-20213,CVE-2021-20209,CVE-2020-35502,CVE-2021-20215: Multiple vulnerabilities fixed in privoxy 3.0.29
VUL-0: privoxy: CVE-2021-20210,CVE-2021-20212,CVE-2021-20211,CVE-2021-20214,C...
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.2
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
Depends on:
  Show dependency treegraph
Reported: 2021-02-03 12:37 UTC by Alexandros Toptsoglou
Modified: 2021-02-03 12:38 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2021-02-03 12:37:25 UTC
through oss

Here are the updated ChangeLog entries with CVEs:

- Security/Reliability:
  - Fixed memory leaks when a response is buffered and the buffer
    limit is reached or Privoxy is running out of memory.
    Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no action files are configured. Commit c62254a686.
    OVE-20201118-0002. CVE-2021-20209.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no filter files are configured. Commit 1b1370f7a8a.
    OVE-20201118-0003. CVE-2021-20210.
    Sponsored by: Robert Klemme
  - Fixes a memory leak when client tags are active.
    Commit 245e1cf32. OVE-20201118-0004. CVE-2021-20211.
    Sponsored by: Robert Klemme
  - Fixed a memory leak if multiple filters are executed
    and the last one is skipped due to a pcre error.
    Commit 5cfb7bc8fe. OVE-20201118-0005. CVE-2021-20212.
  - Prevent an unlikely dereference of a NULL-pointer that
    could result in a crash if accept-intercepted-requests
    was enabled, Privoxy failed to get the request destination
    from the Host header and a memory allocation failed.
    Commit 7530132349. CID 267165. OVE-20201118-0006. CVE-2021-20213.
  - Fixed memory leaks in the client-tags CGI handler when
    client tags are configured and memory allocations fail.
    Commit cf5640eb2a. CID 267168. OVE-20201118-0007. CVE-2021-20214.
  - Fixed memory leaks in the show-status CGI handler when memory
    allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
    CID 305233. OVE-20201118-0008. CVE-2021-20215.
Comment 1 Alexandros Toptsoglou 2021-02-03 12:38:33 UTC
Leap ships already the version 3.0.29 and Factory 3.0.31. We are not affected. Closing