Import changes for Privoxy 3.0.31 stable
authorFabian Keil <fk@fabiankeil.de>
Sat, 30 Jan 2021 16:31:33 +0000 (17:31 +0100)
committerFabian Keil <fk@fabiankeil.de>
Sat, 30 Jan 2021 16:31:33 +0000 (17:31 +0100)
doc/source/changelog.sgml

index b106f57..4413bb5 100644 (file)
 -->
 
 <para>
-  <application>Privoxy 3.0.30</application> fixes a couple of bugs
-  and introduces a few new features.
+  <application>Privoxy 3.0.31</application> fixes two security issues
+  that were discovered while preparing the 3.0.30 release. The issues
+  also affect earlier Privoxy releases.
+</para>
+ <para>
+  Changes in <application>Privoxy 3.0.31</application> stable:
+ </para>
+ <para>
+ <itemizedlist>
+  <listitem>
+   <para>
+    Security/Reliability:
+    <itemizedlist>
+    <listitem>
+     <para>
+      Prevent an assertion from getting triggered by a crafted CGI request.
+      Commit 5bba5b89193fa. OVE-20210130-0001.
+      Reported by: Joshua Rogers (Opera)
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Fixed a memory leak when decompression fails "unexpectedly".
+      Commit f431d61740cc0. OVE-20210128-0001.
+     </para>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Bug fixes:
+    <itemizedlist>
+    <listitem>
+     <para>
+      Fixed detection of insufficient data for decompression.
+      Previously Privoxy could try to decompress a partly
+      uninitialized buffer.
+     </para>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+ </itemizedlist>
 </para>
  <para>
   Changes in <application>Privoxy 3.0.30</application> stable: