From: Fabian Keil Date: Sat, 30 Jan 2021 16:31:33 +0000 (+0100) Subject: Import changes for Privoxy 3.0.31 stable X-Git-Tag: v_3_0_31~7 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/-%22http:/sourceforge.net/static/gitweb.js?a=commitdiff_plain;h=4a418afddb7f0cbd4004b877b7df81bb10fd3f58;p=privoxy.git Import changes for Privoxy 3.0.31 stable --- diff --git a/doc/source/changelog.sgml b/doc/source/changelog.sgml index b106f57f..4413bb52 100644 --- a/doc/source/changelog.sgml +++ b/doc/source/changelog.sgml @@ -24,8 +24,50 @@ --> - Privoxy 3.0.30 fixes a couple of bugs - and introduces a few new features. + Privoxy 3.0.31 fixes two security issues + that were discovered while preparing the 3.0.30 release. The issues + also affect earlier Privoxy releases. + + + Changes in Privoxy 3.0.31 stable: + + + + + + Security/Reliability: + + + + Prevent an assertion from getting triggered by a crafted CGI request. + Commit 5bba5b89193fa. OVE-20210130-0001. + Reported by: Joshua Rogers (Opera) + + + + + Fixed a memory leak when decompression fails "unexpectedly". + Commit f431d61740cc0. OVE-20210128-0001. + + + + + + + + Bug fixes: + + + + Fixed detection of insufficient data for decompression. + Previously Privoxy could try to decompress a partly + uninitialized buffer. + + + + + + Changes in Privoxy 3.0.30 stable: