FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
ad82b0e9-c3d6-11e5-b5fe-002590263bf5    privoxy -- malicious server spoofing as proxy vulnerability

Privoxy Developers report:

Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley.


Discovery 2013-03-07
Entry 2016-01-26
privoxy < 3.0.21

CVE-2013-2503
ports/176813
http://www.privoxy.org/3.0.21/user-manual/whatsnew.html
d9e1b569-c3d8-11e5-b5fe-002590263bf5    privoxy -- multiple vulnerabilities

Privoxy Developers report:

Fixed a DoS issue in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled (the default) they could previously cause Privoxy to abort(). Reported by Matthew Daley. CVE-2015-1380.

Fixed multiple segmentation faults and memory leaks in the pcrs code. This fix also increases the chances that an invalid pcrs command is rejected as such. Previously some invalid commands would be loaded without error. Note that Privoxy's pcrs sources (action and filter files) are considered trustworthy input and should not be writable by untrusted third-parties. CVE-2015-1381.

Fixed an 'invalid read' bug which could at least theoretically cause Privoxy to crash. So far, no crashes have been observed. CVE-2015-1382.


Discovery 2015-01-26
Entry 2016-01-26
privoxy < 3.0.23

CVE-2015-1380
CVE-2015-1381
CVE-2015-1382
ports/197089
http://www.privoxy.org/3.0.23/user-manual/whatsnew.html
http://www.openwall.com/lists/oss-security/2015/01/26/4
a763a0e7-c3d9-11e5-b5fe-002590263bf5    privoxy -- multiple vulnerabilities

Privoxy Developers report:

Prevent invalid reads in case of corrupt chunk-encoded content. CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.

Remove empty Host headers in client requests. Previously they would result in invalid reads. CVE-2016-1983. Bug discovered with afl-fuzz and AddressSanitizer.


Discovery 2016-01-22
Entry 2016-01-26
privoxy < 3.0.24

CVE-2016-1982
CVE-2016-1983
ports/206504
http://www.privoxy.org/3.0.24/user-manual/whatsnew.html
http://www.openwall.com/lists/oss-security/2016/01/21/4
89d4ed09-c3d7-11e5-b5fe-002590263bf5    privoxy -- multiple vulnerabilities

Privoxy Developers report:

Fixed a memory leak when rejecting client connections due to the socket limit being reached (CID 66382). This affected Privoxy 3.0.21 when compiled with IPv6 support (on most platforms this is the default).

Fixed an immediate-use-after-free bug (CID 66394) and two additional unconfirmed use-after-free complaints made by Coverity scan (CID 66391, CID 66376).

MITRE reports:

Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors.


Discovery 2015-01-10
Entry 2016-01-26
privoxy < 3.0.22

CVE-2015-1030
CVE-2015-1031
CVE-2015-1201
ports/195468
http://www.privoxy.org/3.0.22/user-manual/whatsnew.html
http://www.openwall.com/lists/oss-security/2015/01/11/1