-
privoxy (3.0.21-7+deb8u1build0.15.04.1) vivid-security; urgency=medium
* fake sync from Debian
privoxy (3.0.21-7+deb8u1) jessie-security; urgency=high
* 40_CVE-2016-1982: Prevent invalid reads in case of corrupt
chunk-encoded content.
* 41_CVE-2016-1983: Remove empty Host headers in client requests.
Previously they would result in invalid reads.
-- Tyler Hicks <email address hidden> Mon, 01 Feb 2016 11:00:36 -0600
-
privoxy (3.0.21-7) unstable; urgency=medium
* 37_CVE-2015-1380: denial of service.
* 38_CVE-2015-1381: multiple segmentation faults and memory leaks in the
pcrs code.
* 39_CVE-2015-1382: invalid read.
* These 3 patches Closes: #776490.
-- Roland Rosenfeld <email address hidden> Wed, 28 Jan 2015 19:46:42 +0100
-
privoxy (3.0.21-5) unstable; urgency=low
* 34_CVE-2015-1030: Fix memory leak in rfc2553_connect_to(). CID 66382
* 35_CVE-2015-1031-CID66394: unmap(): Prevent use-after-free if the map
only consists of one item. CID 66394.
* 36_CVE-2015-1031-CID66376: pcrs_execute(): Consistently set *result to
NULL in case of errors. Should make use-after-free in the caller less
likely. CID 66391, CID 66376.
* These 3 patches Closes: #775167.
-- Roland Rosenfeld <email address hidden> Mon, 12 Jan 2015 08:44:23 +0100
-
privoxy (3.0.21-4) unstable; urgency=low
* Enable hardening=+all
* Hardcode PIDFile in privoxy.service, since this isn't allowed as
variable (Closes: #746262).
-- Roland Rosenfeld <email address hidden> Sat, 10 May 2014 14:19:03 +0200