From 8183b8e71365338bb8c7b7324528f0dc0b0b0395 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 22 Jan 2016 10:20:48 +0000 Subject: [PATCH] Add CVEs for Privoxy 3.0.24 --- ChangeLog | 4 ++-- doc/source/changelog.sgml | 12 ++++++------ doc/webserver/announce.txt | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3c00da07..b61a6763 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,9 +5,9 @@ ChangeLog for Privoxy - Security fixes (denial of service): - Prevent invalid reads in case of corrupt chunk-encoded content. - Bug discovered with afl-fuzz and AddressSanitizer. + CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer. - Remove empty Host headers in client requests. - Previously they would result in invalid reads. + Previously they would result in invalid reads. CVE-2016-1983. Bug discovered with afl-fuzz and AddressSanitizer. - Bug fixes: diff --git a/doc/source/changelog.sgml b/doc/source/changelog.sgml index 8b2f1464..49dae71e 100644 --- a/doc/source/changelog.sgml +++ b/doc/source/changelog.sgml @@ -3,7 +3,7 @@ Purpose : Entity included in other project documents. - $Id: changelog.sgml,v 2.14 2016/01/17 14:31:33 fabiankeil Exp $ + $Id: changelog.sgml,v 2.15 2016/01/21 15:57:16 fabiankeil Exp $ Copyright (C) 2013 Privoxy Developers http://www.privoxy.org/ See LICENSE. @@ -22,9 +22,9 @@ Privoxy 3.0.24 stable contains a couple - of new features but is mainly a bug-fix release. Two of the fixed bugs - are security issues (CVE requests pending) and may be used to remotely - trigger crashes on platforms that carefully check memory accesses (most don't). + of new features but is mainly a bug-fix release. Two of the fixed + bugs are security issues and may be used to remotely trigger crashes + on platforms that carefully check memory accesses (most don't).
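Review bot: In the ChangeLog hunk the two identifiers end up in different positions: CVE-2016-1982 is added at the start of the "Bug discovered with afl-fuzz and AddressSanitizer." line, while CVE-2016-1983 is appended to "Previously they would result in invalid reads." Put both in the same place, for example at the end of the description sentence and before the discovery credit, so the two entries read alike and a search for either id lands on the line that describes the bug.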
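Review bot: In the second doc/source/changelog.sgml hunk, the summary paragraph drops "(CVE requests pending)" but the replacement lines shown do not name the assigned ids. Consider mentioning CVE-2016-1982 and CVE-2016-1983 in the sentence "Two of the fixed bugs are security issues ...", as the ChangeLog entries now do, so a reader of the release summary can match it against an advisory without looking up the individual entries.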