{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0042",
  "published": "2015-01-27T21:08:29Z",
  "modified": "2015-01-27T21:00:07Z",
  "summary": "Updated privoxy packages fix security vulnerabilities",
  "details": "Updated privoxy packages fix security issues:\n\nFixed a DoS issue in case of client requests with incorrect chunk-encoded \nbody. When compiled with assertions enabled (the default) they could \npreviously cause Privoxy to abort().\n\nFixed multiple segmentation faults and memory leaks in the pcrs code. This \nfix also increases the chances that an invalid pcrs command is rejected as \nsuch. Previously some invalid commands would be loaded without error. Note \nthat Privoxy's pcrs sources (action and filter files) are considered \ntrustworthy input and should not be writable by untrusted third-parties.\n \nFixed an 'invalid read' bug which could at least theoretically cause \nPrivoxy to crash.\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0042.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=15135"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/01/26/4"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "privoxy",
        "purl": "pkg:rpm/mageia/privoxy?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.21-2.3.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}