Copied from
ubuntu trusty in
Private PPA for Ubuntu Security Team
by Mike Salvatore
Changelog
privoxy (3.0.21-7+deb8u1build0.14.04.1) trusty-security; urgency=medium
* fake sync from Debian
privoxy (3.0.21-7+deb8u1) trusty-security; urgency=high
* 40_CVE-2016-1982: Prevent invalid reads in case of corrupt
chunk-encoded content.
* 41_CVE-2016-1983: Remove empty Host headers in client requests.
Previously they would result in invalid reads.
privoxy (3.0.21-7) unstable; urgency=medium
* 37_CVE-2015-1380: denial of service.
* 38_CVE-2015-1381: multiple segmentation faults and memory leaks in the
pcrs code.
* 39_CVE-2015-1382: invalid read.
* These 3 patches Closes: #776490.
privoxy (3.0.21-5) unstable; urgency=low
* 34_CVE-2015-1030: Fix memory leak in rfc2553_connect_to(). CID 66382
* 35_CVE-2015-1031-CID66394: unmap(): Prevent use-after-free if the map
only consists of one item. CID 66394.
* 36_CVE-2015-1031-CID66376: pcrs_execute(): Consistently set *result to
NULL in case of errors. Should make use-after-free in the caller less
likely. CID 66391, CID 66376.
* These 3 patches Closes: #775167.
privoxy (3.0.21-4) unstable; urgency=low
* Enable hardening=+all
* Hardcode PIDFile in privoxy.service, since this isn't allowed as
variable (Closes: #746262).
privoxy (3.0.21-3) unstable; urgency=low
* When starting via systemd, do not run daemon as root, and honour log
file configuration. Thanks to Carlos Maddela for providing a patch
(Closes: #745274)
-- Mike Salvatore <email address hidden> Fri, 14 Sep 2018 12:24:31 -0400