oss-sec mailing list archives
Multiple memory leaks fixed in Privoxy 3.0.29 stable
From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Sun, 29 Nov 2020 16:53:12 +0100
Announcing Privoxy 3.0.29 stable
--------------------------------------------------------------------
Privoxy 3.0.29 stable fixes a couple of memory leaks and introduces
https inspection which allows to filter encrypted requests and
responses.
--------------------------------------------------------------------
ChangeLog for Privoxy 3.0.29
--------------------------------------------------------------------
- Security/Reliability:
- Fixed memory leaks when a response is buffered and the buffer
limit is reached or Privoxy is running out of memory.
Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no action files are configured. Commit c62254a686.
OVE-20201118-0002.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no filter files are configured. Commit 1b1370f7a8a.
OVE-20201118-0003.
Sponsored by: Robert Klemme
- Fixes a memory leak when client tags are active.
Commit 245e1cf32. OVE-20201118-0004.
Sponsored by: Robert Klemme
- Fixed a memory leak if multiple filters are executed
and the last one is skipped due to a pcre error.
Commit 5cfb7bc8fe. OVE-20201118-0005.
- Prevent an unlikely dereference of a NULL-pointer that
could result in a crash if accept-intercepted-requests
was enabled, Privoxy failed to get the request destination
from the Host header and a memory allocation failed.
Commit 7530132349. CID 267165. OVE-20201118-0006.
- Fixed memory leaks in the client-tags CGI handler when
client tags are configured and memory allocations fail.
Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
- Fixed memory leaks in the show-status CGI handler when memory
allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
CID 305233. OVE-20201118-0008.
- General improvements:
[...]
-----------------------------------------------------------------
About Privoxy:
-----------------------------------------------------------------
Privoxy is a non-caching web proxy with advanced filtering capabilities for
enhancing privacy, modifying web page data and HTTP headers, controlling
access, and removing ads and other obnoxious Internet junk. Privoxy has a
flexible configuration and can be customized to suit individual needs and
tastes. It has application for both stand-alone systems and multi-user
networks.
Privoxy is Free Software and licensed under the GNU GPLv2.
[...]
Home Page:
https://www.privoxy.org/
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Multiple memory leaks fixed in Privoxy 3.0.29 stable Fabian Keil (Nov 29)
- CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Fabian Keil (Dec 23)
- Re: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Nick Tait (Dec 23)
- Re: CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Jeffrey Walton (Dec 25)
- CVE request experience (was: Multiple memory leaks fixed in Privoxy 3.0.29 stable) Fabian Keil (Dec 23)