[3.0] privoxy: security issues (CVE-2016-1982, CVE-2016-1983)
CVE-2016-1982: invalid reads in case of corrupt chunk-encoded content
CVE-2016-1983: invalid read via empty host header in client request
Fixed In Version:
privoxy 3.0.24
References:
http://seclists.org/oss-sec/2016/q1/179
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1982
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1983
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303
(from redmine: issue id 5063, created on 2016-02-02, closed on 2016-02-09)
- Relations:
  - parent #5059 (closed)
- Changesets:
  - Revision e3d466c9 on 2016-02-09T09:26:40Z:
main/privoxy: security upgrade to 3.0.24 (CVE-2016-1982,CVE-2016-1983). Fixes #5063
(cherry picked from commit 3abe44615ddc514b7298119cef64498d06be639f)