Update announcement for Privoxy 3.0.31 stable
authorFabian Keil <fk@fabiankeil.de>
Sat, 30 Jan 2021 16:46:55 +0000 (17:46 +0100)
committerFabian Keil <fk@fabiankeil.de>
Sat, 30 Jan 2021 16:46:55 +0000 (17:46 +0100)
doc/webserver/announce.txt

index 21908e1..3eb98eb 100644 (file)
@@ -1,8 +1,24 @@
-               Announcing Privoxy 3.0.30 stable
+               Announcing Privoxy 3.0.31 stable
 --------------------------------------------------------------------
 
-Privoxy 3.0.30 stable fixes a couple of bugs and introduces
-a few new features.
+Privoxy 3.0.31 fixes two security issues that were discovered while
+preparing the 3.0.30 release. The issues also affect earlier Privoxy
+releases.
+
+--------------------------------------------------------------------
+ChangeLog for Privoxy 3.0.31
+--------------------------------------------------------------------
+- Security/Reliability:
+  - Prevent an assertion from getting triggered by a crafted CGI request.
+    Commit 5bba5b89193fa. OVE-20210130-0001.
+    Reported by: Joshua Rogers (Opera)
+  - Fixed a memory leak when decompression fails "unexpectedly".
+    Commit f431d61740cc0. OVE-20210128-0001.
+
+- Bug fixes:
+  - Fixed detection of insufficient data for decompression.
+    Previously Privoxy could try to decompress a partly
+    uninitialized buffer.
 
 --------------------------------------------------------------------
 ChangeLog for Privoxy 3.0.30