- Security fixes (denial of service):
- Prevent invalid reads in case of corrupt chunk-encoded content.
- Bug discovered with afl-fuzz and AddressSanitizer.
+ CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
- Remove empty Host headers in client requests.
- Previously they would result in invalid reads.
+ Previously they would result in invalid reads. CVE-2016-1983.
Bug discovered with afl-fuzz and AddressSanitizer.
- Bug fixes:
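Review bot: the two CVE IDs are placed inconsistently in the security entries. CVE-2016-1982 is put in front of "Bug discovered with afl-fuzz and AddressSanitizer." while CVE-2016-1983 is appended after "Previously they would result in invalid reads." Pick one position for both, for example ending each description with the ID before the "Bug discovered" sentence, so the entries read the same way and are easier to grep.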
Purpose : Entity included in other project documents.
- $Id: changelog.sgml,v 2.14 2016/01/17 14:31:33 fabiankeil Exp $
+ $Id: changelog.sgml,v 2.15 2016/01/21 15:57:16 fabiankeil Exp $
Copyright (C) 2013 Privoxy Developers http://www.privoxy.org/
See LICENSE.
<para>
<application>Privoxy 3.0.24</application> stable contains a couple
- of new features but is mainly a bug-fix release. Two of the fixed bugs
- are security issues (CVE requests pending) and may be used to remotely
- trigger crashes on platforms that carefully check memory accesses (most don't).
+ of new features but is mainly a bug-fix release. Two of the fixed
+ bugs are security issues and may be used to remotely trigger crashes
+ on platforms that carefully check memory accesses (most don't).
</para>
<!--
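Review bot: the rewritten paragraph removes "(CVE requests pending)" but names neither assigned ID, so the release summary no longer refers to the CVEs at all. Consider "Two of the fixed bugs are security issues (CVE-2016-1982 and CVE-2016-1983) and may be used to remotely trigger crashes ..." so that a reader who sees only this paragraph can still cross-reference the advisories.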
<listitem>
<para>
Prevent invalid reads in case of corrupt chunk-encoded content.
- Bug discovered with afl-fuzz and AddressSanitizer.
+ CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
</para>
</listitem>
<listitem>
<para>
Remove empty Host headers in client requests.
- Previously they would result in invalid reads.
+ Previously they would result in invalid reads. CVE-2016-1983.
Bug discovered with afl-fuzz and AddressSanitizer.
</para>
</listitem>
Privoxy 3.0.24 stable contains a couple of new features but is
mainly a bug-fix release. Two of the fixed bugs are security issues
-(CVE requests pending) and may be used to remotely trigger crashes
-on platforms that carefully check memory accesses (most don't).
+and may be used to remotely trigger crashes on platforms that
+carefully check memory accesses (most don't).
--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
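Review bot: in this plain-text summary the re-wrapped sentence keeps "platforms that carefully check memory accesses (most don't)" as the only statement of impact, which is vague now that the issues carry public IDs. The entries further down call both bugs invalid reads under "Security fixes (denial of service)"; saying that here, alongside the two IDs, would let readers judge exposure without leaving the announcement text.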
- Security fixes (denial of service):
- Prevent invalid reads in case of corrupt chunk-encoded content.
- Bug discovered with afl-fuzz and AddressSanitizer.
+ CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
- Remove empty Host headers in client requests.
- Previously they would result in invalid reads.
+ Previously they would result in invalid reads. CVE-2016-1983.
Bug discovered with afl-fuzz and AddressSanitizer.
- Bug fixes: