{"affected":[{"ecosystem_specific":{"binaries":[{"privoxy":"3.0.33-bp154.3.3.1","privoxy-doc":"3.0.33-bp154.3.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"privoxy","purl":"pkg:rpm/suse/privoxy&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.0.33-bp154.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"privoxy":"3.0.33-bp154.3.3.1","privoxy-doc":"3.0.33-bp154.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"privoxy","purl":"pkg:rpm/opensuse/privoxy&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.0.33-bp154.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for privoxy fixes the following issues:\n\nprivoxy was updated to 3.0.33 (boo#1193584):\n\n* CVE-2021-44543: Encode the template name to prevent XSS\n  (cross-side scripting) when Privoxy is configured to servce\n  the user-manual itself\n* CVE-2021-44540: Free memory of compiled pattern spec\n  before bailing\n* CVE-2021-44541: Free header memory when failing to get the\n  request destination.\n* CVE-2021-44542: Prevent memory leaks when handling errors\n* Disable fast-redirects for a number of domains\n* Update default block lists\n* Many bug fixes and minor enhancements\n","id":"openSUSE-SU-2022:10186-1","modified":"2022-11-02T08:52:06Z","published":"2022-11-02T08:52:06Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2UGN5D6UHVWYBE3WUP7XR2TUJPRGWJ2G/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193584"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44540"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44541"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44542"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44543"}],"related":["CVE-2021-44540","CVE-2021-44541","CVE-2021-44542","CVE-2021-44543"],"summary":"Security update for privoxy","upstream":["CVE-2021-44540","CVE-2021-44541","CVE-2021-44542","CVE-2021-44543"]}