Update announcement for Privoxy 3.0.31 stable

author Fabian Keil <fk@fabiankeil.de>

Sat, 30 Jan 2021 16:46:55 +0000 (17:46 +0100)

committer Fabian Keil <fk@fabiankeil.de>

Sat, 30 Jan 2021 16:46:55 +0000 (17:46 +0100)
author Fabian Keil <fk@fabiankeil.de>
Sat, 30 Jan 2021 16:46:55 +0000 (17:46 +0100)
committer Fabian Keil <fk@fabiankeil.de>
Sat, 30 Jan 2021 16:46:55 +0000 (17:46 +0100)
diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt

index 21908e1..3eb98eb 100644 (file)
--- a/doc/webserver/announce.txt
+++ b/doc/webserver/announce.txt
@@ -1,8 +1,24 @@
-               Announcing Privoxy 3.0.30 stable
+               Announcing Privoxy 3.0.31 stable
  --------------------------------------------------------------------
  
-Privoxy 3.0.30 stable fixes a couple of bugs and introduces
-a few new features.
+Privoxy 3.0.31 fixes two security issues that were discovered while
+preparing the 3.0.30 release. The issues also affect earlier Privoxy
+releases.
+
+--------------------------------------------------------------------
+ChangeLog for Privoxy 3.0.31
+--------------------------------------------------------------------
+- Security/Reliability:
+  - Prevent an assertion from getting triggered by a crafted CGI request.
+    Commit 5bba5b89193fa. OVE-20210130-0001.
+    Reported by: Joshua Rogers (Opera)
+  - Fixed a memory leak when decompression fails "unexpectedly".
+    Commit f431d61740cc0. OVE-20210128-0001.
+
+- Bug fixes:
+  - Fixed detection of insufficient data for decompression.
+    Previously Privoxy could try to decompress a partly
+    uninitialized buffer.
  
  --------------------------------------------------------------------
  ChangeLog for Privoxy 3.0.30
author	Fabian Keil <fk@fabiankeil.de>
	Sat, 30 Jan 2021 16:46:55 +0000 (17:46 +0100)
committer	Fabian Keil <fk@fabiankeil.de>
	Sat, 30 Jan 2021 16:46:55 +0000 (17:46 +0100)