The attached patch updates www/privoxy from 3.0.18 to 3.0.19.
The announcement is available at:
Quoting the important part:
- Bug fixes:
- Prevent a segmentation fault when de-chunking buffered content.
It could be triggered by malicious web servers if Privoxy was
configured to filter the content and running on a platform
where SIZE_T_MAX isn't larger than UINT_MAX, which probably
includes most 32-bit systems. On those platforms, all Privoxy
versions before 3.0.19 appear to be affected.
To be on the safe side, this bug should be presumed to allow
code execution as proving that it doesn't seems unrealistic.
- Do not expect a response from the SOCKS4/4A server until it
got something to respond to. This regression was introduced
in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
Reported by qqqqqw in #3459781.
Fix: Patch attached with submission follows:
I'll take it.
bf 2011-12-26 22:55:48 UTC
FreeBSD ports repository
www/privoxy Makefile distinfo
update to 3.0.19
Submitted by: F. Keil (maintainer)
Security: prevent segfaults that could be triggered by remote servers
Revision Changes Path
1.37 +1 -1 ports/www/privoxy/Makefile
1.12 +2 -2 ports/www/privoxy/distinfo
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "email@example.com"