X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=ChangeLog;h=f8d657a21d8187232ef9c92f7084f9dce46db7fc;hb=915f23de10c8d1d24e70c79adeb1793ea98bf057;hp=4c598c2ed6a6d7043447a40cb67033044d184f1c;hpb=5680df10c9d9da954a9bba18b489893c8f0fcdf2;p=privoxy.git

diff --git a/ChangeLog b/ChangeLog
index 4c598c2e..f8d657a2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,16 +7,17 @@ ChangeLog for Privoxy
   - Fixed a DoS issue in case of client requests with incorrect
     chunk-encoded body. When compiled with assertions enabled
     (the default) they could previously cause Privoxy to abort().
-    Reported by Matthew Daley.
+    Reported by Matthew Daley. CVE-2015-1380.
   - Fixed multiple segmentation faults and memory leaks in the
     pcrs code. This fix also increases the chances that an invalid
     pcrs command is rejected as such. Previously some invalid commands
     would be loaded without error. Note that Privoxy's pcrs sources
     (action and filter files) are considered trustworthy input and
-    should not be writable by untrusted third-parties.
+    should not be writable by untrusted third-parties. CVE-2015-1381.
   - Fixed an 'invalid read' bug which could at least theoretically
     cause Privoxy to crash. So far, no crashes have been observed.
-  - Compiles with --disable-force again. Reported by Kay Raven.
+    CVE-2015-1382.
+  - Compiles with --disable-force again. Reported by Kai Raven.
   - Client requests with body that can't be delivered no longer
     cause pipelined requests behind them to be rejected as invalid.
     Reported by Basil Hussain.
@@ -50,10 +51,10 @@ ChangeLog for Privoxy
   - Fixed a memory leak when rejecting client connections due to
     the socket limit being reached (CID 66382). This affected
     Privoxy 3.0.21 when compiled with IPv6 support (on most
-    platforms this is the default).
+    platforms this is the default). CVE-2015-1030.
   - Fixed an immediate-use-after-free bug (CID 66394) and two
     additional unconfirmed use-after-free complaints made by
-    Coverity scan (CID 66391, CID 66376).
+    Coverity scan (CID 66391, CID 66376). CVE-2015-1031.
   - Actually show the FORCE_PREFIX value on the show-status page.
   - Properly deal with Keep-Alive headers with timeout= parameters
     If the timeout still can't be parsed, use the configured