On 2021/02/04 18:39, Bjorn Ketelaars wrote: > A newer version of privoxy is available, which addresses 2 CVE's: > > CVE-2021-20217 > Prevent an assertion from getting triggered by a crafted CGI request. > > CVE-2021-20216 > Fixed a memory leak when decompression fails "unexpectedly". > > Lightly run tested on amd64. > > I think it makes sense to backport this update to 6.8. > > Comments, OK?
There's a missing $(DESTDIR) on line 971 of GNUmakefile.in that breaks packaging if privoxy is already installed > @group > +share/examples/privoxy/templates/edit-actions-for-url-string-filter That one needs an @sample adding too > share/examples/privoxy/templates/edit-actions-list > @owner _privoxy > @group _privoxy >