The attached patch updates www/privoxy from 3.0.18 to 3.0.19. The announcement is available at: http://www.privoxy.org/announce.txt Quoting the important part: ##### - Bug fixes: - Prevent a segmentation fault when de-chunking buffered content. It could be triggered by malicious web servers if Privoxy was configured to filter the content and running on a platform where SIZE_T_MAX isn't larger than UINT_MAX, which probably includes most 32-bit systems. On those platforms, all Privoxy versions before 3.0.19 appear to be affected. To be on the safe side, this bug should be presumed to allow code execution as proving that it doesn't seems unrealistic. - Do not expect a response from the SOCKS4/4A server until it got something to respond to. This regression was introduced in 3.0.18 and prevented the SOCKS4/4A negotiation from working. Reported by qqqqqw in #3459781. ###### Fix: Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->bf I'll take it.
bf 2011-12-26 22:55:48 UTC FreeBSD ports repository Modified files: www/privoxy Makefile distinfo Log: update to 3.0.19 PR: 163634 Submitted by: F. Keil (maintainer) Security: prevent segfaults that could be triggered by remote servers Revision Changes Path 1.37 +1 -1 ports/www/privoxy/Makefile 1.12 +2 -2 ports/www/privoxy/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed. Thanks!