Date: Wed, 24 Mar 2021 06:31:10 +0100 From: Fabian Keil <freebsd-listen@...iankeil.de> To: oss-security@...ts.openwall.com Subject: Re: Multiple memory leaks fixed in Privoxy 3.0.29 stable Alan Coopersmith <alan.coopersmith@...cle.com> wrote on 2021-03-23: > It looks like Red Hat has assigned CVE ids for these issues now, but > not yet told Mitre to publish them: I ran into issues getting CVE ids for Privoxy 3.0.29 as described in: https://seclists.org/oss-sec/2020/q4/234 and https://seclists.org/oss-sec/2021/q1/90 I've sent CVE ids to this list in February after I finally got them all: https://seclists.org/oss-sec/2021/q1/101 CVE ids for Privoxy 3.0.31 and 3.0.32 were assigned within days, though. In related news Canonical seems to have published an advisory for multiple Privoxy releases including 3.0.29 on 2021-03-22 which claims that "An attacker could possibly use this issue to cause a denial of service or obtain sensitive information.": https://ubuntu.com/security/notices/USN-4886-1 Obviously the memory leaks can be used for denial of service attacks but I'm not sure what the "obtain sensitive information" part is all about ... Fabian Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.