privoxy-3.0.21-1.el6 security update
|Release:||Fedora EPEL 6|
|Date Submitted:||2013-03-12 14:51:50|
|Date Released:||2013-03-12 16:45:34|
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2503 to the following vulnerability:
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.
References:  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2503  http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markupBugs Fixedbodhi - 2013-03-12 14:52:21This update has been submitted for testing by limb.
bodhi - 2013-03-12 15:43:22This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-03-12 17:44:17This update has been pushed to testing
bodhi - 2013-03-26 22:07:48This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-03-27 12:14:47This update has been submitted for stable by limb.
bodhi - 2013-03-27 15:47:17This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
bodhi - 2013-03-28 18:37:40This update has been pushed to stable