X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ChangeLog;h=f8d657a21d8187232ef9c92f7084f9dce46db7fc;hp=745d141ce03ce1552f80e7476253fec7f328cfc6;hb=ce0952da61bb0c60341ada1627bcde2a05b46d98;hpb=28e89680c5e82861e5454856ad52032deddcf74b

diff --git a/ChangeLog b/ChangeLog
index 745d141c..f8d657a2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,16 +7,17 @@ ChangeLog for Privoxy
   - Fixed a DoS issue in case of client requests with incorrect
     chunk-encoded body. When compiled with assertions enabled
     (the default) they could previously cause Privoxy to abort().
-    Reported by Matthew Daley.
+    Reported by Matthew Daley. CVE-2015-1380.
   - Fixed multiple segmentation faults and memory leaks in the
     pcrs code. This fix also increases the chances that an invalid
     pcrs command is rejected as such. Previously some invalid commands
     would be loaded without error. Note that Privoxy's pcrs sources
     (action and filter files) are considered trustworthy input and
-    should not be writable by untrusted third-parties.
+    should not be writable by untrusted third-parties. CVE-2015-1381.
   - Fixed an 'invalid read' bug which could at least theoretically
     cause Privoxy to crash. So far, no crashes have been observed.
-  - Compiles with --disable-force again. Reported by Kay Raven.
+    CVE-2015-1382.
+  - Compiles with --disable-force again. Reported by Kai Raven.
   - Client requests with body that can't be delivered no longer
     cause pipelined requests behind them to be rejected as invalid.
     Reported by Basil Hussain.