From 926742cac6c016cb5e31caeaeaf476b4c62a134e Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Fri, 27 Mar 2015 12:41:57 +0000
Subject: [PATCH] Add CVEs for Privoxy 3.0.23

---
 ChangeLog | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 978546d6..f8d657a2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,15 +7,16 @@ ChangeLog for Privoxy
   - Fixed a DoS issue in case of client requests with incorrect
     chunk-encoded body. When compiled with assertions enabled
     (the default) they could previously cause Privoxy to abort().
-    Reported by Matthew Daley.
+    Reported by Matthew Daley. CVE-2015-1380.
   - Fixed multiple segmentation faults and memory leaks in the
     pcrs code. This fix also increases the chances that an invalid
     pcrs command is rejected as such. Previously some invalid commands
     would be loaded without error. Note that Privoxy's pcrs sources
     (action and filter files) are considered trustworthy input and
-    should not be writable by untrusted third-parties.
+    should not be writable by untrusted third-parties. CVE-2015-1381.
   - Fixed an 'invalid read' bug which could at least theoretically
     cause Privoxy to crash. So far, no crashes have been observed.
+    CVE-2015-1382.
   - Compiles with --disable-force again. Reported by Kai Raven.
   - Client requests with body that can't be delivered no longer
     cause pipelined requests behind them to be rejected as invalid.
-- 
2.39.2