{"id":"MGASA-2021-0570","summary":"Updated privoxy packages fix security vulnerabilities","details":"Updated privoxy packages fix security vulnerabilities:\n\nA security issue has been found in Privoxy before version 3.0.33.\nget_url_spec_param() did not free memory of compiled pattern spec\nbefore bailing (CVE-2021-44540).\n\nA security issue has been found in Privoxy before version 3.0.33.\nprocess_encrypted_request_headers() did not free header memory when\nfailing to get the request destination (CVE-2021-44541).\n\nA security issue has been found in Privoxy before version 3.0.33.\nsend_http_request() leaked memory when handling errors (CVE-2021-44542).\n\nA security issue has been found in Privoxy before version 3.0.33.\ncgi_error_no_template() did not encode the template name, which could\nlead to cross-site scripting when Privoxy is configured to servce the\nuser-manual itself (CVE-2021-44543).\n","modified":"2026-02-04T02:49:00.516616Z","published":"2021-12-19T16:13:42Z","related":["CVE-2021-44540","CVE-2021-44541","CVE-2021-44542","CVE-2021-44543"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0570.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29745"},{"type":"REPORT","url":"http://www.privoxy.org/announce.txt"}],"affected":[{"package":{"name":"privoxy","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/privoxy?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.32-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0570.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}